Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-45026

    An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process.... Read more

    Affected Products : markdown_preview_enhanced
    • EPSS Score: %0.09
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-22553

    Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to pa... Read more

    Affected Products : emc_appsync appsync
    • EPSS Score: %0.46
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43689

    Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.... Read more

    • Published: Oct. 21, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2025-6897

    A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has b... Read more

    Affected Products : di-7300g\+_firmware di-7300g\+
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-21396

    Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : account micrososft_account
    • Published: Jan. 29, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-7411

    A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /success.php. The manipulation of the argument ID leads to sql injection. The attack c... Read more

    Affected Products : lifestyle_store
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-34750

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.... Read more

    Affected Products : macos bloofoxcms
    • EPSS Score: %0.40
    • Published: Jun. 14, 2023
    • Modified: Jan. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-40415

    A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-40493

    Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_p... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-40539

    my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.... Read more

    Affected Products : my-springsecurity-plus
    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45182

    Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.... Read more

    Affected Products : pi-star_digital_voice_dashboard
    • EPSS Score: %0.44
    • Published: Nov. 11, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-39649

    Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection... Read more

    Affected Products : theme_volty_cms_category_slider
    • EPSS Score: %0.07
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39647

    Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL inject... Read more

    Affected Products : theme_volty_cms_category_product
    • EPSS Score: %0.07
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39652

    theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().... Read more

    Affected Products : theme_volty_video_tab
    • EPSS Score: %0.09
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12352

    A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow... Read more

    Affected Products : ex1800t_firmware ex1800t
    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2023-39662

    An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.... Read more

    Affected Products : llamaindex
    • EPSS Score: %2.45
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45207

    Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString.... Read more

    Affected Products : jeecg_boot
    • EPSS Score: %0.39
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-39680

    Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code.... Read more

    Affected Products : unicopia
    • EPSS Score: %0.10
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45347

    Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client.... Read more

    Affected Products : shardingsphere
    • EPSS Score: %0.47
    • Published: Dec. 22, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-5456

    A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issu... Read more

    Affected Products : imx6
    • Published: Mar. 05, 2024
    • Modified: Apr. 10, 2025
Showing 20 of 291779 Results