Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-9433

    In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2018-9418

    In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation... Read more

    Affected Products : android
    • Published: Dec. 02, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-41887

    OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.... Read more

    Affected Products : openrefine
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15748

    SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes... Read more

    Affected Products : sitos_six
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9388

    In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.... Read more

    Affected Products : android
    • Published: Dec. 05, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2022-21797

    The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.... Read more

    Affected Products : fedora debian_linux joblib
    • Published: Sep. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41878

    MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers ... Read more

    Affected Products : metersphere
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9365

    In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for ex... Read more

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-41910

    An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/p... Read more

    Affected Products : lldpd
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41727

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.... Read more

    Affected Products : windows avalanche
    • Published: Dec. 19, 2023
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2016-10166

    Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.... Read more

    Affected Products : libgd
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-41685

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1. ... Read more

    Affected Products : woocommerce_support_system
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41542

    SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.... Read more

    Affected Products : jeecg_boot
    • Published: Dec. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26214

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerabilit... Read more

    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41526

    Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.... Read more

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2018-9249

    FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request.... Read more

    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41442

    An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component.... Read more

    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9207

    Arbitrary file upload in jQuery Upload File <= 4.0.2... Read more

    Affected Products : jquery_upload_file
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41351

    Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated ... Read more

    Affected Products : g-040w-q_firmware g-040w-q
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9175

    DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.... Read more

    Affected Products : dedecms
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294418 Results