Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-49792

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; wh...

    Affected Products : nextcloud_server notes
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49622

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the d...

    Affected Products : billing_software billing_system
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49656

    Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....

    Affected Products : matlab
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49681

    Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database. ...

    Affected Products : job_portal
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3918

    json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...

    Affected Products : debian_linux json-schema
    • Published: Nov. 13, 2021
    • Modified: Jan. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-49654

    Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system....

    Affected Products : matlab
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49606

    A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote ...

    Affected Products : tinyproxy
    • Published: May. 01, 2024
    • Modified: Aug. 22, 2025
  • 9.8

    CRITICAL
    CVE-2023-49473

    Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control....

    Affected Products :
    • Published: Apr. 30, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49408

    Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name....

    Affected Products : ax3_firmware ax3
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49351

    A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function....

    Affected Products : br-6478ac_firmware br-6478ac
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025
  • 9.8

    CRITICAL
    CVE-2021-33833

    ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA)....

    Affected Products : debian_linux connection_manager
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-33391

    An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c....

    Affected Products : linux_kernel tidy
    • Published: Feb. 17, 2023
    • Modified: Mar. 18, 2025
  • 9.8

    CRITICAL
    CVE-2023-49255

    The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute com...

    Affected Products : h8951-4g-esp_firmware h8951-4g-esp
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-49236

    A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback functio...

    Affected Products : tv-ip1314pi_firmware tv-ip1314pi
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-49231

    An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token....

    Affected Products :
    • Published: Mar. 29, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49208

    scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration....

    Affected Products : glewlwyd_sso_server
    • Published: Nov. 23, 2023
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2019-15784

    Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections....

    Affected Products : secure_reliable_transport
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49109

    Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. ...

    Affected Products : dolphinscheduler
    • Published: Feb. 20, 2024
    • Modified: Mar. 18, 2025
  • 9.8

    CRITICAL
    CVE-2023-49105

    An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed ...

    Affected Products : owncloud owncloud_server
    • Published: Nov. 21, 2023
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2021-30473

    aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap....

    Affected Products : fedora aomedia
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293605 Results