Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2025-5525

    A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be...

    Affected Products : trojan
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection
  • 5.9

    MEDIUM
    CVE-2022-46852

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions....

    Affected Products : wp_table_builder wp_table_builder
    • Published: May. 03, 2023
    • Modified: Jun. 06, 2025
  • 5.3

    MEDIUM
    CVE-2024-38894

    WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi....

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025
  • 6.5

    MEDIUM
    CVE-2024-38892

    An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component....

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025
  • 6.3

    MEDIUM
    CVE-2024-33373

    An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack....

    Affected Products : bl-w1210m_firmware bl-w1210m
    • Published: Jun. 14, 2024
    • Modified: Jun. 06, 2025
  • 6.5

    MEDIUM
    CVE-2024-38950

    Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function....

    Affected Products : libde265
    • Published: Jun. 26, 2024
    • Modified: Jun. 06, 2025
  • 6.5

    MEDIUM
    CVE-2024-38949

    Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc...

    Affected Products : libde265
    • Published: Jun. 26, 2024
    • Modified: Jun. 06, 2025
  • 5.3

    MEDIUM
    CVE-2024-38895

    WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information....

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025
  • 5.3

    MEDIUM
    CVE-2024-38896

    WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi....

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025
  • 5.3

    MEDIUM
    CVE-2024-38897

    WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information....

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025
  • 6.3

    MEDIUM
    CVE-2024-37662

    TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings...

    Affected Products : tl-7dr5130_firmware tl-7dr5130
    • Published: Jun. 17, 2024
    • Modified: Jun. 06, 2025
  • 6.3

    MEDIUM
    CVE-2024-37661

    TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages....

    Affected Products : tl-7dr5130_firmware tl-7dr5130
    • Published: Jun. 17, 2024
    • Modified: Jun. 06, 2025
  • 6.1

    MEDIUM
    CVE-2024-5155

    The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

    Affected Products : inquiry_cart
    • Published: Jun. 14, 2024
    • Modified: Jun. 06, 2025
  • 5.4

    MEDIUM
    CVE-2024-3636

    The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...

    Affected Products : pinpoint_booking_system
    • Published: Aug. 05, 2024
    • Modified: Jun. 06, 2025
  • 5.9

    MEDIUM
    CVE-2024-6390

    The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

    Affected Products : quiz_and_survey_master
    • Published: Aug. 03, 2024
    • Modified: Jun. 06, 2025
  • 6.8

    MEDIUM
    CVE-2025-23216

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The...

    Affected Products : argo-cd argo_cd
    • Published: Jan. 30, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Information Disclosure
  • 10.0

    HIGH
    CVE-2025-5624

    A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_r...

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-5621

    A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os com...

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-5620

    A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is ...

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection
  • 10.0

    HIGH
    CVE-2025-5622

    A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5...

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292811 Results