Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2023-49074

    A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker...

    Affected Products : eap225_firmware eap225
    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2021-3670

    MaxQueryDuration not honoured in Samba AD DC LDAP...

    Affected Products : fedora samba storage
    • EPSS Score: 3.26%
    • Published: Aug. 23, 2022
    • Modified: Aug. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-39360

    An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigg...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-13029

    A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery....

    Affected Products : white-jotter
    • Published: Dec. 30, 2024
    • Modified: Aug. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-39367

    An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP ...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2023-48724

    A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web ...

    Affected Products : eap225_firmware eap225
    • Published: Apr. 09, 2024
    • Modified: Aug. 21, 2025
  • 6.9

    MEDIUM
    CVE-2024-2911

    A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disc...

    Affected Products : publiccms
    • Published: Mar. 26, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-2828

    A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument u...

    Affected Products : easyadmin
    • Published: Mar. 22, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-2827

    A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The at...

    Affected Products : easyadmin
    • Published: Mar. 22, 2024
    • Modified: Aug. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-39370

    An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to t...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-2826

    A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be ini...

    Affected Products : easyadmin
    • Published: Mar. 22, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-2825

    A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is poss...

    Affected Products : easyadmin
    • Published: Mar. 22, 2024
    • Modified: Aug. 21, 2025
  • 6.3

    MEDIUM
    CVE-2024-13028

    A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. Th...

    Affected Products : white-jotter
    • Published: Dec. 29, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-13022

    A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Manag...

    Affected Products : tarzan-cms
    • Published: Dec. 29, 2024
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2025-3599

    Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user...

    • Published: Apr. 30, 2025
    • Modified: Aug. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-39602

    An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to tr...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2023-50718

    NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage of s...

    Affected Products : nocodb
    • Published: May. 14, 2024
    • Modified: Aug. 21, 2025
  • 5.7

    MEDIUM
    CVE-2023-50717

    NocoDB is software for building databases as spreadsheets. Starting in version 0.202.6 and prior to version 0.202.10, an attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed le...

    Affected Products : nocodb
    • Published: May. 14, 2024
    • Modified: Aug. 21, 2025
  • 7.6

    HIGH
    CVE-2023-49781

    NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag wi...

    Affected Products : nocodb
    • Published: May. 14, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-27243

    Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access....

    • Published: May. 15, 2024
    • Modified: Aug. 21, 2025
Showing 20 of 290954 Results