Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-28081

    A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where ... Read more

    Affected Products : hermes
    • Published: May. 18, 2023
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-27992

    The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticat... Read more

    • Actively Exploited
    • Published: Jun. 19, 2023
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2017-16398

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vul... Read more

    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-27846

    SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, ... Read more

    Affected Products : theme_volty_cms_blog
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-11998

    A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://doc... Read more

    • Published: Sep. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-11982

    An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deser... Read more

    Affected Products : airflow
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27836

    TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.... Read more

    Affected Products : tl-wpa8630p_firmware tl-wpa8630p
    • Published: Jun. 13, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-27667

    Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.... Read more

    Affected Products : auto_dealer_management_system
    • Published: Apr. 13, 2023
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2020-10956

    GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27645

    An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.... Read more

    Affected Products : poweramp
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-27650

    An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter.... Read more

    Affected Products : launcher
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-27716

    An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.... Read more

    Affected Products : kafkaui-lite
    • Published: Jun. 12, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-27648

    Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.... Read more

    Affected Products : change_color_of_keypad
    • Published: Apr. 14, 2023
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-27746

    BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.... Read more

    • Published: Apr. 13, 2023
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-27638

    An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the fun... Read more

    Affected Products : custom_product_designer
    • Published: Mar. 22, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-27605

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6. ... Read more

    Affected Products : wp_reroute_email
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23314

    MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.... Read more

    Affected Products : mcms
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27584

    Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret... Read more

    Affected Products : dragonfly dragonfly
    • Published: Sep. 19, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2020-0595

    Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27637

    An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file d... Read more

    Affected Products : custom_product_designer
    • Published: Mar. 22, 2023
    • Modified: Feb. 26, 2025
Showing 20 of 293308 Results