Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-33377

    Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.... Read more

    Affected Products : connected_io
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33361

    Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.... Read more

    Affected Products : piwigo
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-33864

    StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.... Read more

    Affected Products : renderdoc
    • Published: Jun. 07, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33479

    RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.... Read more

    Affected Products : remote_clinic
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33378

    Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.... Read more

    Affected Products : connected_io
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33374

    Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to... Read more

    Affected Products : connected_io
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33663

    In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue.... Read more

    Affected Products : aicustomfee
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33508

    KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE).... Read more

    Affected Products : via_go2_firmware via_go2
    • Published: May. 31, 2023
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-33372

    Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages... Read more

    Affected Products : connected_io
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33367

    A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.... Read more

    Affected Products : control_id_idsecure
    • Published: Aug. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-3252

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attack... Read more

    Affected Products : weblogic_server
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33299

    A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. No... Read more

    Affected Products : fortinac
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28550

    Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will... Read more

    Affected Products : jhead
    • Published: Jun. 13, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-28206

    An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.... Read more

    Affected Products : mediawiki
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33246

    For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an a... Read more

    Affected Products : rocketmq
    • Actively Exploited
    • Published: May. 24, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-33239

    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which ... Read more

    • Published: Aug. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33219

    The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted devic... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33269

    An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).... Read more

    Affected Products : monitoring
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27811

    GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.... Read more

    Affected Products : ocrfeeder
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27596

    A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS h... Read more

    Affected Products : quts_hero qts
    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293934 Results