Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-35837

    An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the de...

    • Published: Jan. 23, 2024
    • Modified: Jun. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-22089

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

    Affected Products : weblogic_server
    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-35830

    STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with r...

    • Published: Jun. 29, 2023
    • Modified: Nov. 27, 2024
  • 9.8

    CRITICAL
    CVE-2023-35879

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.78. ...

    Affected Products : product_vendors
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-35853

    In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section....

    Affected Products : suricata
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024
  • 9.8

    CRITICAL
    CVE-2023-21709

    Microsoft Exchange Server Elevation of Privilege Vulnerability...

    Affected Products : exchange_server
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-35708

    In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthentica...

    Affected Products : moveit_transfer
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-20895

    The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication....

    Affected Products : vcenter_server
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-35817

    DevExpress before 23.1.3 allows AsyncDownloader SSRF....

    Affected Products : devexpress
    • Published: Apr. 28, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery
  • 9.8

    CRITICAL
    CVE-2020-3909

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues...

    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-20159

    Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe...

    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-56266

    A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL....

    Affected Products : access_control_manager
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-56267

    A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file....

    Affected Products : access_control_manager
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-9424

    A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The a...

    Affected Products : ws7204-a_firmware ws7204-a
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-20073

    A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insu...

    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-20025

    A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper ...

    • Published: Jan. 20, 2023
    • Modified: Apr. 07, 2025
  • 9.8

    CRITICAL
    CVE-2020-3807

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to ar...

    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-3799

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation coul...

    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-3788

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution....

    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-1133

    Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could a...

    Affected Products : infrasuite_device_master
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results