Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-30376

    In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability.... Read more

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.12
    • Published: Apr. 24, 2023
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-30415

    Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.... Read more

    • EPSS Score: %0.14
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22992

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page con... Read more

    • EPSS Score: %7.78
    • Published: Mar. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22991

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) UR... Read more

    • Actively Exploited
    • EPSS Score: %70.78
    • Published: Mar. 31, 2021
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-30466

    This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker coul... Read more

    • EPSS Score: %0.40
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30261

    Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.... Read more

    Affected Products : openwb
    • EPSS Score: %53.69
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30191

    PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent().... Read more

    Affected Products : cdesigner
    • EPSS Score: %0.07
    • Published: May. 17, 2023
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-30189

    Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().... Read more

    Affected Products : posstaticblocks
    • EPSS Score: %0.07
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-30149

    SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbit... Read more

    Affected Products : prestashop city_autocomplete
    • EPSS Score: %10.58
    • Published: Jun. 02, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-30131

    An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.... Read more

    Affected Products : easyinstall
    • EPSS Score: %0.24
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30153

    An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.... Read more

    Affected Products : payplug
    • EPSS Score: %0.27
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30268

    CLTPHP <=6.0 is vulnerable to Improper Input Validation.... Read more

    Affected Products : windows cltphp
    • EPSS Score: %0.16
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-30145

    Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.... Read more

    Affected Products : camaleon_cms
    • EPSS Score: %66.96
    • Published: May. 26, 2023
    • Modified: Jan. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-30154

    Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `a... Read more

    Affected Products : aftermail
    • EPSS Score: %0.29
    • Published: Oct. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30076

    Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=.... Read more

    Affected Products : judging_management_system
    • EPSS Score: %0.07
    • Published: Apr. 20, 2023
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2021-22175

    When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registr... Read more

    Affected Products : gitlab
    • EPSS Score: %26.53
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30090

    Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : semcms
    • EPSS Score: %0.12
    • Published: May. 05, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2021-22049

    The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL reques... Read more

    Affected Products : vcenter_server
    • EPSS Score: %0.89
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41748

    Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.... Read more

    Affected Products : windows cloud_manager
    • EPSS Score: %0.83
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30187

    An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.... Read more

    Affected Products : document_server
    • EPSS Score: %0.93
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292730 Results