Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-6232

    Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive o... Read more

    • EPSS Score: %0.43
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3100

    A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been discl... Read more

    Affected Products : ibos
    • EPSS Score: %0.05
    • Published: Jun. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6316

    The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upl... Read more

    Affected Products : mw_wp_form mw_wp_form
    • EPSS Score: %8.27
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26261

    In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.... Read more

    Affected Products : waap_cloud waap_gateway
    • EPSS Score: %0.02
    • Published: Mar. 08, 2023
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-6415

    A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted... Read more

    Affected Products : voovi
    • EPSS Score: %0.20
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6617

    A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit... Read more

    Affected Products : simple_student_attendance_system
    • EPSS Score: %0.06
    • Published: Dec. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-52103

    Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.20
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3730

    A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely... Read more

    Affected Products : ehoney
    • EPSS Score: %0.05
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31029

    NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability m... Read more

    Affected Products : dgx_a100_firmware dgx_a100
    • EPSS Score: %0.19
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-37927

    Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through 4.7.0.... Read more

    Affected Products :
    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12286

    MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2023-7144

    A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads t... Read more

    Affected Products : masterlab
    • EPSS Score: %0.11
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-38289

    A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQ... Read more

    Affected Products : turbomeeting
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1368

    A vulnerability was found in XHCMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. The manipulation of the argument user leads to sql injection. The attack can b... Read more

    Affected Products : xhcms
    • EPSS Score: %0.05
    • Published: Mar. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37397

    An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.... Read more

    Affected Products : yugabytedb
    • EPSS Score: %0.49
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51927

    YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.... Read more

    Affected Products : yonbip
    • EPSS Score: %0.13
    • Published: Jan. 20, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2019-6258

    D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf f... Read more

    Affected Products : dir-822_firmware dir-822
    • EPSS Score: %1.36
    • Published: Aug. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-38925

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl ... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-0735

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The att... Read more

    • EPSS Score: %0.10
    • Published: Jan. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0949

    Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability ... Read more

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291526 Results