Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-31986

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.... Read more

    Affected Products : br-6428ns_firmware br-6428ns
    • Published: May. 15, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2021-3586

    A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to... Read more

    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32015

    Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-32014

    Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more

    • Published: Jun. 14, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-32002

    The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x... Read more

    Affected Products : node.js
    • Published: Aug. 21, 2023
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-31902

    RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).... Read more

    Affected Products : mobile_mouse
    • Published: May. 17, 2023
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-31704

    Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.... Read more

    Affected Products : online_computer_and_laptop_store
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31654

    Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.... Read more

    Affected Products : redisraft
    • Published: Jan. 23, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-42299

    Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.... Read more

    Affected Products : openimageio
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34523

    Microsoft Exchange Server Elevation of Privilege Vulnerability... Read more

    Affected Products : exchange_server
    • Actively Exploited
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31579

    Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.... Read more

    Affected Products : lamp-cloud
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31488

    Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute ... Read more

    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33564

    An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs becau... Read more

    Affected Products : dragonfly
    • Published: May. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31424

    Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.... Read more

    Affected Products : brocade_sannav
    • Published: Aug. 31, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-31587

    Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.... Read more

    Affected Products : ac5_firmware ac5
    • Published: May. 16, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-31240

    Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.... Read more

    Affected Products : orvc
    • Published: May. 22, 2023
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-31222

    Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device cau... Read more

    Affected Products : paceart_optima
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31212

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7,... Read more

    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31914

    In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.... Read more

    Affected Products : windows teamcity
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31886

    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versi... Read more

    • Published: Nov. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292897 Results