Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-37701

    Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

    Affected Products : fh1203_firmware fh1203
    • EPSS Score: 0.12%
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-42425

    An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows a remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.

    • EPSS Score: 4.95%
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37754

    PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.

    Affected Products : powerjob
    • EPSS Score: 66.25%
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-10031

    A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf7...

    Affected Products : 491-project
    • EPSS Score: 0.05%
    • Published: Jan. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37794

    WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp.

    Affected Products : fbm-291w_firmware fbm-291w
    • EPSS Score: 1.06%
    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-42493

    EisBaer Scada - CWE-256: Plaintext Storage of a Password...

    Affected Products : eisbaer_scada
    • EPSS Score: 0.12%
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-27444

    langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro_...

    • Published: Feb. 26, 2024
    • Modified: Jul. 14, 2025
  • 9.8

    CRITICAL
    CVE-2022-2818

    Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

    Affected Products : cockpit
    • EPSS Score: 1.42%
    • Published: Aug. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-6075

    An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An at...

    Affected Products : imagegear
    • EPSS Score: 1.43%
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-23631

    superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only ...

    Affected Products : blitz superjson superjson
    • EPSS Score: 0.40%
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-38024

    SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt ...

    Affected Products : fhd_2_firmware fhd_2
    • EPSS Score: 0.53%
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-38044

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

    Affected Products : hikashop
    • EPSS Score: 0.09%
    • Published: Aug. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-44411

    D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.

    Affected Products : di-8300_firmware di-8300
    • Published: Sep. 09, 2024
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-44623

    An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.

    Affected Products : spx_graphics_controller
    • Published: Sep. 16, 2024
    • Modified: Sep. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-44721

    SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.

    Affected Products : seacms
    • Published: Sep. 09, 2024
    • Modified: Mar. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-44727

    Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.

    Affected Products : event_management_system
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024
  • 9.8

    CRITICAL
    CVE-2017-11445

    Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.

    Affected Products : subrion_cms
    • EPSS Score: 0.25%
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2021-40883

    A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.

    Affected Products : emlog
    • EPSS Score: 9.08%
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47615

    Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.

    Affected Products : learnpress
    • EPSS Score: 88.26%
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-15017

    A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrad...

    Affected Products : media_upload
    • EPSS Score: 0.09%
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291269 Results