Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-0895

    Static Code Injection in GitHub repository microweber/microweber prior to 1.3.... Read more

    Affected Products : microweber cockpit
    • EPSS Score: %1.14
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25528

    NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability m... Read more

    Affected Products : dgx_h100_firmware dgx_h100
    • EPSS Score: %0.49
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25562

    DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be by... Read more

    Affected Products : datahub
    • EPSS Score: %0.03
    • Published: Feb. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25589

    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.94
    • Published: Mar. 22, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-25657

    Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 ... Read more

    Affected Products : nautobot
    • EPSS Score: %1.80
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25718

    In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (differen... Read more

    Affected Products : control
    • EPSS Score: %0.07
    • Published: Feb. 13, 2023
    • Modified: Jun. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-4590

    Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.... Read more

    Affected Products : frhed
    • EPSS Score: %0.42
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23421

    All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.... Read more

    Affected Products : merge-change
    • EPSS Score: %0.53
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43703

    An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.... Read more

    Affected Products : zzcms
    • EPSS Score: %0.86
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46010

    An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.... Read more

    Affected Products : seacms
    • EPSS Score: %0.28
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26066

    Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.... Read more

    • EPSS Score: %0.23
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-27236

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : openclinic_ga
    • EPSS Score: %0.28
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46369

    Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.... Read more

    Affected Products : w18e_firmware w18e
    • EPSS Score: %0.37
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23330

    All versions of package launchpad are vulnerable to Command Injection via stop.... Read more

    Affected Products : launchpad
    • EPSS Score: %12.89
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46521

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.... Read more

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.24
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33964

    Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    • EPSS Score: %0.14
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3398

    OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : cx-programmer
    • EPSS Score: %0.14
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46706

    Multiple MachineSense devices have credentials unable to be changed by the user or administrator. ... Read more

    Affected Products : feverwarn_firmware feverwarn
    • EPSS Score: %0.08
    • Published: Feb. 01, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26497

    An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribu... Read more

    • EPSS Score: %5.59
    • Published: Mar. 21, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-46785

    Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    Affected Products : online_matrimonial_project
    • EPSS Score: %0.15
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291158 Results