Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-4883

    In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.... Read more

    Affected Products : whatsup_gold
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48063

    In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.... Read more

    Affected Products : pytorch
    • Published: Oct. 29, 2024
    • Modified: Jul. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-46909

    In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 02, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-46478

    HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.... Read more

    Affected Products : htmldoc
    • Published: Oct. 24, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-37303

    An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.... Read more

    Affected Products : mediawiki
    • Published: Jun. 30, 2023
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-45158

    An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabl... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Sep. 05, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-37289

    It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability ... Read more

    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37292

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock... Read more

    Affected Products : isherlock
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37286

    SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.... Read more

    Affected Products : smartbpm.net
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42509

    Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation... Read more

    Affected Products : arubaos instant instant
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2023-41552

    Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set.... Read more

    Affected Products : ac9_firmware ac7_firmware ac9 ac7
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37794

    In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.... Read more

    Affected Products : library_management_system
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37177

    SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint.... Read more

    Affected Products : pmb pmb
    • Published: Feb. 21, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2023-37152

    Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.... Read more

    Affected Products : online_art_gallery
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37231

    Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2018-4124

    An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allow... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37148

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37069

    Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the lo... Read more

    Affected Products : online_hospital_management_system
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-40711

    A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).... Read more

    Affected Products : veeam_backup_\&_replication
    • Actively Exploited
    • Published: Sep. 07, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-37068

    Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplie... Read more

    Affected Products : gym_management_system
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294193 Results