Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-41526

    Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.... Read more

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2018-9249

    FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request.... Read more

    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41442

    An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.... Read more

    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9207

    Arbitrary file upload in jQuery Upload File <= 4.0.2... Read more

    Affected Products : jquery_upload_file
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41351

    Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated ... Read more

    Affected Products : g-040w-q_firmware g-040w-q
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9175

    DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.... Read more

    Affected Products : dedecms
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9174

    sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.... Read more

    Affected Products : dedecms
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9162

    Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.... Read more

    Affected Products : smart_home_firmware smart_home
    • Published: Mar. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9160

    SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.... Read more

    Affected Products : sickrage
    • Published: Mar. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41330

    knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deseriali... Read more

    Affected Products : snappy
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0194

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from th... Read more

    Affected Products : debian_linux netatalk
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9148

    Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for ... Read more

    Affected Products : my_cloud_firmware my_cloud
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-7695

    The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.... Read more

    Affected Products : debian_linux zend_framework
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-41268

    Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. ... Read more

    Affected Products : escargot
    • Published: Dec. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9112

    A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-c... Read more

    Affected Products : ap-fc4064-t_firmware ap-fc4064-t
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45232

    In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use ... Read more

    Affected Products : apisix_dashboard
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41297

    Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26905

    An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id.... Read more

    • Published: Mar. 19, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2015-6816

    ganglia-web before 3.7.1 allows remote attackers to bypass authentication.... Read more

    Affected Products : fedora ganglia-web
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-7744

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.This issue affects Omaspot: before 12.09.2025.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection
Showing 20 of 294299 Results