Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-45249

    Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Read more

    Affected Products : cavok
    • Published: Oct. 06, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-40784

    DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.17
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46323

    Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.10
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-27466

    MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.... Read more

    Affected Products : mcms
    • EPSS Score: %0.38
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40896

    Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.... Read more

    Affected Products : ac8v4_firmware ac8v4
    • EPSS Score: %0.12
    • Published: Aug. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4092

    SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations a... Read more

    Affected Products : arconte_aurea
    • EPSS Score: %0.14
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41618

    Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the `TrDeleteArr` parameter, which is directly incorporated ... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2022-27479

    Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.... Read more

    Affected Products : superset
    • EPSS Score: %4.32
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41647

    Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-41645

    Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2020-26037

    Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : punkbuster
    • EPSS Score: %6.26
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4547

    A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perf... Read more

    Affected Products : diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-2263

    During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflo... Read more

    Affected Products : sante_pacs_server
    • Published: Mar. 13, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-46404

    A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary f... Read more

    • EPSS Score: %3.34
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2017-15975

    Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.... Read more

    Affected Products : dating_zone
    • EPSS Score: %2.51
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-0718

    Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.... Read more

    Affected Products : qts music_station
    • EPSS Score: %6.02
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15991

    Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability t... Read more

    Affected Products : agent_zone
    • EPSS Score: %1.41
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-4560

    The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possib... Read more

    Affected Products : kognetiks_chatbot
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32073

    WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR.... Read more

    Affected Products : wolfssh
    • EPSS Score: %1.35
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41351

    Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated ... Read more

    Affected Products : g-040w-q_firmware g-040w-q
    • EPSS Score: %0.09
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results