Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-32674

    Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.... Read more

    Affected Products : pc_hardware_diagnostics
    • Published: Jun. 12, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-32571

    Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.... Read more

    Affected Products : linq
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32560

    An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.... Read more

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-32564

    An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.... Read more

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32562

    An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.... Read more

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-32569

    An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have... Read more

    Affected Products : infoscale_operations_manager
    • Published: May. 10, 2023
    • Modified: Jan. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-32563

    An unauthenticated attacker could achieve the code execution through a RemoteControl server.... Read more

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32557

    A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.... Read more

    Affected Products : windows apex_one
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32540

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file exte... Read more

    Affected Products : webaccess\/scada
    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20733

    A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security ... Read more

    Affected Products : identity_services_engine
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32508

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5. ... Read more

    Affected Products : order_your_posts_manually
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32462

    Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbi... Read more

    Affected Products : smartfabric_os10
    • Published: Feb. 15, 2024
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-1276

    Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.... Read more

    Affected Products : mruby
    • Published: Apr. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1212

    Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.... Read more

    Affected Products : mruby
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1162

    A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32485

    Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critica... Read more

    Affected Products : smartfabric_storage_software
    • Published: Oct. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0540

    A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.2... Read more

    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32419

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.... Read more

    Affected Products : iphone_os ipados
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0239

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference... Read more

    Affected Products : corenlp
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32412

    A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294285 Results