Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-33367

    A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.... Read more

    Affected Products : control_id_idsecure
    • Published: Aug. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-3252

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attack... Read more

    Affected Products : weblogic_server
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33299

    A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. No... Read more

    Affected Products : fortinac
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28550

    Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will... Read more

    Affected Products : jhead
    • Published: Jun. 13, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-28206

    An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.... Read more

    Affected Products : mediawiki
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33246

    For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an a... Read more

    Affected Products : rocketmq
    • Actively Exploited
    • Published: May. 24, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-33239

    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which ... Read more

    • Published: Aug. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33219

    The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted devic... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33269

    An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).... Read more

    Affected Products : monitoring
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27811

    GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.... Read more

    Affected Products : ocrfeeder
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27596

    A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS h... Read more

    Affected Products : quts_hero qts
    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33222

    When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potent... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26945

    go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.... Read more

    Affected Products : go-getter
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26871

    An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.... Read more

    Affected Products : apex_one apex_central
    • Actively Exploited
    • Published: Mar. 29, 2022
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2020-14750

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthent... Read more

    Affected Products : weblogic_server fusion_middleware
    • Actively Exploited
    • Published: Nov. 02, 2020
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-33273

    An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).... Read more

    Affected Products : monitoring
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2660

    Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. ... Read more

    Affected Products : dialink
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26258

    D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.... Read more

    Affected Products : dir-820l_firmware dir-820l
    • Actively Exploited
    • Published: Mar. 28, 2022
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-25643

    seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.... Read more

    Affected Products : seatd
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33082

    Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.... Read more

    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results