Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-3725

    Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem... Read more

    Affected Products : zephyr
    • EPSS Score: %0.56
    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3694

    A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location ... Read more

    Affected Products : house_rental_and_property_listing
    • EPSS Score: %0.05
    • Published: Jul. 17, 2023
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-47635

    Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php.... Read more

    Affected Products : wms
    • EPSS Score: %0.08
    • Published: Dec. 21, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-3827

    A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The atta... Read more

    Affected Products : centreon
    • EPSS Score: %0.04
    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47860

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.... Read more

    Affected Products : lead_management_system
    • EPSS Score: %0.07
    • Published: Jan. 11, 2023
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-47949

    The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a ga... Read more

    • EPSS Score: %52.58
    • Published: Dec. 24, 2022
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-48122

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %1.45
    • Published: Jan. 20, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-37710

    Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.... Read more

    • EPSS Score: %0.12
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48477

    In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing ... Read more

    Affected Products : hub
    • EPSS Score: %0.00
    • Published: Apr. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37966

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2. ... Read more

    Affected Products : user_activity_log
    • EPSS Score: %0.44
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1321

    A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),... Read more

    Affected Products : lmxcms
    • EPSS Score: %0.04
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1458

    A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. ... Read more

    Affected Products : edgerouter_x_firmware edgerouter_x
    • EPSS Score: %0.51
    • Published: Mar. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38388

    Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. ... Read more

    Affected Products : jupiter_x_core
    • Published: Mar. 26, 2024
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-3457

    Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.... Read more

    Affected Products : rdiffweb
    • EPSS Score: %0.56
    • Published: Oct. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3458

    A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulatio... Read more

    Affected Products : human_resource_management_system
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-11710

    An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “... Read more

    Affected Products : docker-kong
    • EPSS Score: %93.88
    • Published: Apr. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43185

    JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.... Read more

    Affected Products : youtrack
    • EPSS Score: %0.01
    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34595

    Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %18.36
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1967

    Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. ... Read more

    Affected Products : n8844a
    • EPSS Score: %0.13
    • Published: Apr. 27, 2023
    • Modified: Jan. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-39017

    quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple... Read more

    Affected Products : quartz
    • EPSS Score: %0.62
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292099 Results