Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-40146

    A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with...

    Affected Products : smart_reader_firmware smart_reader
    • Published: Apr. 17, 2024
    • Modified: Aug. 21, 2025
  • 9.1

    CRITICAL
    CVE-2023-39367

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request...

    Affected Products : smart_reader_firmware smart_reader
    • Published: Apr. 17, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49913

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49912

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49911

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49910

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49909

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    Affected Products : eap225_firmware eap225
    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49908

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    Affected Products : eap225_firmware eap225
    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49907

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2023-49906

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remot...

    Affected Products : eap225_firmware eap225
    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2023-49134

    A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A spec...

    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2023-49133

    A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A spec...

    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2023-49074

    A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker...

    Affected Products : eap225_firmware eap225
    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2021-3670

    MaxQueryDuration not honoured in Samba AD DC LDAP...

    Affected Products : fedora samba storage
    • EPSS Score: 3.26%
    • Published: Aug. 23, 2022
    • Modified: Aug. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-39360

    An OS command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigg...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-13029

    A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery....

    Affected Products : white-jotter
    • Published: Dec. 30, 2024
    • Modified: Aug. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-39367

    An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP ...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2023-48724

    A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web ...

    Affected Products : eap225_firmware eap225
    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 6.9

    MEDIUM
    CVE-2024-2911

    A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disc...

    Affected Products : publiccms
    • Published: Mar. 26, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-2828

    A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument u...

    Affected Products : easyadmin
    • Published: Mar. 22, 2024
    • Modified: Aug. 21, 2025
Showing 20 of 290943 Results