Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-29805

    WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function.... Read more

    • EPSS Score: %1.14
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-3714

    A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possi... Read more

    Affected Products : online_medicine_ordering_system
    • EPSS Score: %0.06
    • Published: Oct. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6623

    The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.... Read more

    Affected Products : essential_blocks
    • EPSS Score: %89.36
    • Published: Jan. 15, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-6647

    A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has b... Read more

    Affected Products : hibos
    • EPSS Score: %0.06
    • Published: Dec. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20385

    a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.Product: Androi... Read more

    Affected Products : android
    • EPSS Score: %0.25
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31068

    An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.... Read more

    Affected Products : tsplus_remote_access
    • EPSS Score: %1.50
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20472

    In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Prod... Read more

    Affected Products : android
    • EPSS Score: %48.04
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-7208

    A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to th... Read more

    Affected Products : x2000r_firmware x2000r
    • EPSS Score: %0.66
    • Published: Jan. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-7222

    A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument sub... Read more

    Affected Products : x2000r_firmware x2000r
    • EPSS Score: %0.19
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-38346

    The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabil... Read more

    Affected Products : cloudstack
    • Published: Jul. 05, 2024
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-0031

    In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for... Read more

    Affected Products : android
    • EPSS Score: %1.37
    • Published: Feb. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2014-4984

    Déjà Vu Crescendo Sales CRM has remote SQL Injection... Read more

    Affected Products : crescendo_-_sales_crm
    • EPSS Score: %3.50
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3735

    A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulne... Read more

    Affected Products : ehoney
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-38437

    D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel... Read more

    Affected Products : dsl-225_firmware dsl-225
    • Published: Jul. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-52200

    Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content ... Read more

    Affected Products : armember
    • EPSS Score: %0.20
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12954

    A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_ach.php. The manipulation of the argument ach_certy leads to unrestricted upload. It is pos... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-0740

    Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03 ... Read more

    Affected Products : target_management
    • Published: Apr. 26, 2024
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2014-5014

    The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.... Read more

    Affected Products : wordpress_flash_uploader
    • EPSS Score: %2.40
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12936

    A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The ... Read more

    Affected Products : simple_admin_panel
    • Published: Dec. 26, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-0987

    A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclos... Read more

    Affected Products : kuerp
    • EPSS Score: %0.18
    • Published: Jan. 29, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291736 Results