Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-39435

    Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming netwo... Read more

    • Published: Nov. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39807

    N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.... Read more

    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5509

    ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.... Read more

    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25990

    WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the... Read more

    Affected Products : websitebaker
    • Published: Oct. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41553

    Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.... Read more

    Affected Products : ac9_firmware ac5_firmware ac9 ac5
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22385

    Memory Corruption in Data Modem while making a MO call or MT VOLTE call.... Read more

    • Published: Oct. 03, 2023
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-22480

    KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive infor... Read more

    Affected Products : kubeoperator
    • Published: Jan. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1322

    A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql ... Read more

    Affected Products : lmxcms
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1391

    A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It... Read more

    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22756

    There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabiliti... Read more

    Affected Products : arubaos sd-wan
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0783

    The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL in... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0785

    The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL ... Read more

    Affected Products : daily_prayer_time
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1466

    A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id wit... Read more

    • Published: Mar. 17, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-43058

    IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.... Read more

    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43203

    D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.... Read more

    Affected Products : dwl-6610ap_firmware dwl-6610ap
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4344

    Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection... Read more

    Affected Products : raid_controller_web_interface
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2367

    A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible ... Read more

    Affected Products : faculty_evaluation_system
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4373

    Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. ... Read more

    Affected Products : remote_desktop_manager
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24151

    A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.... Read more

    Affected Products : t8_firmware t8
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24141

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025
Showing 20 of 293179 Results