Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-10522

    While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearabl... Read more

    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46732

    Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.... Read more

    Affected Products : proficy_historian
    • Published: Jan. 18, 2023
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-41637

    An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.... Read more

    Affected Products : realgimm
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37146

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1737

    A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible ... Read more

    • Published: Mar. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41790

    Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pando... Read more

    Affected Products : pandora_fms
    • Published: Nov. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4182

    A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initi... Read more

    • Published: Aug. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-46612

    IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.... Read more

    Affected Products : icecms icecms
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-27143

    Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vu... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42556

    Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.... Read more

    Affected Products : hotel_management_system
    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-41875

    Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6.... Read more

    Affected Products : wp_directory_kit
    • Published: Dec. 13, 2024
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-42639

    H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.... Read more

    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-23358

    EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.... Read more

    Affected Products : easycms
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42783

    Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-42813

    In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execu... Read more

    Affected Products : tew-752dru_firmware tew-752dru
    • Published: Aug. 19, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-47124

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-47126

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2025-2383

    A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata lead... Read more

    • Published: Mar. 17, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-42966

    Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.... Read more

    Affected Products : n350rt_firmware n350rt
    • Published: Aug. 15, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-43202

    Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.... Read more

    Affected Products : dolphinscheduler
    • Published: Aug. 20, 2024
    • Modified: Mar. 18, 2025
Showing 20 of 293261 Results