Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-21785

    A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests t... Read more

    • Published: May. 28, 2024
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-3929

    Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This iss... Read more

    Affected Products : foxman-un unem
    • EPSS Score: %0.12
    • Published: Jan. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21836

    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerabi... Read more

    Affected Products : llama.cpp
    • Published: Feb. 26, 2024
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-22143

    The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SN... Read more

    Affected Products : convict
    • EPSS Score: %0.85
    • Published: May. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27174

    Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score l... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39862

    Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.... Read more

    Affected Products : android dex dynamic_lockscreen
    • EPSS Score: %0.27
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22087

    route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.... Read more

    Affected Products : pico_http_server_in_c
    • EPSS Score: %4.83
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-27438

    Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbi... Read more

    Affected Products : doris
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-27447

    pretix before 2024.1.1 mishandles file validation.... Read more

    Affected Products : pretix
    • Published: Feb. 26, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-27844

    SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component.... Read more

    Affected Products : leurlrewrite
    • EPSS Score: %0.22
    • Published: Apr. 17, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-22729

    NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.... Read more

    Affected Products : mw5360_firmware mw5360
    • EPSS Score: %90.81
    • Published: Jan. 25, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-27853

    NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.... Read more

    Affected Products : rax30_firmware rax30
    • EPSS Score: %2.52
    • Published: Mar. 10, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-27836

    TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.... Read more

    Affected Products : tl-wpa8630p_firmware tl-wpa8630p
    • EPSS Score: %1.06
    • Published: Jun. 13, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-27710

    An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.... Read more

    Affected Products : eskooly
    • Published: Jul. 05, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-22902

    Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.... Read more

    Affected Products : vinchin_backup_and_recovery
    • EPSS Score: %0.11
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-22922

    An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php... Read more

    Affected Products : visitor_management_system_in_php
    • EPSS Score: %0.69
    • Published: Jan. 25, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-22923

    SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products : adv_radius
    • EPSS Score: %0.14
    • Published: Feb. 13, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-22942

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %3.13
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2019-7271

    Nortek Linear eMerge 50P/5000P devices have Default Credentials.... Read more

    • EPSS Score: %0.24
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22338

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end d... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.08
    • Published: Jan. 04, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291158 Results