Latest CVE Feed

9.8 CRITICAL CVE-2022-35690
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not ...
- Affected Products: coldfusion
- Published: Oct. 14, 2022
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34237
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privilege...
- Affected Products: sabnzbd
- Published: Jun. 07, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34218
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible...
- Affected Products: teamcity
- Published: May. 31, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34215
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentiall...
- Published: Aug. 17, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34338
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. ...
- Published: Jul. 05, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34214
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function...
- Affected Products: tn-5900_firmware edr-g903_firmware tn-4900_firmware edr-g902_firmware tn-5900 tn-4900
- Published: Aug. 17, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34136
Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions....
- Published: Jul. 13, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34137
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier v...
- Published: Jul. 13, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2025-40692
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'....
- Affected Products: online_fire_reporting_system
- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection

9.8 CRITICAL CVE-2023-41262
An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL s...
- Affected Products: scrutinizer
- Published: Oct. 12, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-34034
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. ...
- Published: Jul. 19, 2023
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2025-40691
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'....
- Affected Products: online_fire_reporting_system
- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection

9.8 CRITICAL CVE-2025-40690
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'....
- Affected Products: online_fire_reporting_system
- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection

9.8 CRITICAL CVE-2025-40689
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'....
- Affected Products: online_fire_reporting_system
- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection

9.8 CRITICAL CVE-2023-33967
EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0....
- Affected Products: easeprobe
- Published: May. 31, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-40687
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.... Read more
Affected Products : online_fire_reporting_system- Published: Sep. 11, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection

9.8 CRITICAL CVE-2018-3259
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2023-41331
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC fram...
- Affected Products: sofarpc
- Published: Sep. 12, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.... Read more
- Actively Exploited
- Published: Sep. 23, 2022
- Modified: Mar. 27, 2025

9.8 CRITICAL CVE-2022-31706
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution....
- Affected Products: vrealize_log_insight
- Published: Jan. 26, 2023
- Modified: Apr. 02, 2025