Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-6609

    Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12... Read more

    • Published: Apr. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27100

    Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.... Read more

    Affected Products : pfsense_plus pfsense
    • Published: Mar. 22, 2023
    • Modified: Feb. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-26268

    Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.... Read more

    Affected Products : xiaohuanxiong
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27195

    Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27033

    Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().... Read more

    Affected Products : cdesigner
    • Published: Apr. 07, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2019-6206

    An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.... Read more

    Affected Products : iphone_os
    • Published: Mar. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5613

    In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action t... Read more

    Affected Products : freebsd
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26922

    SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint.... Read more

    Affected Products : matrix-gui
    • Published: Mar. 08, 2023
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-26864

    SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.... Read more

    Affected Products : smplredirectionsmanager
    • Published: Mar. 24, 2023
    • Modified: Feb. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-26813

    SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tabl... Read more

    Affected Products : wangmarket_cms
    • Published: Apr. 28, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-26800

    Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function.... Read more

    • Published: Mar. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27076

    Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.... Read more

    Affected Products : g103_firmware g103
    • Published: Apr. 10, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-26770

    TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.... Read more

    Affected Products : taskcafe
    • Published: Oct. 04, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-27003

    Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary... Read more

    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26613

    An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26602

    ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.... Read more

    Affected Products : asmb8-ikvm_firmware
    • Published: Feb. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26750

    SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code... Read more

    Affected Products : yii
    • Published: Apr. 04, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-26583

    Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. ... Read more

    Affected Products : idweb
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26780

    CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.... Read more

    Affected Products : yf-exam
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-2856

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). Supported versions that are affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with net... Read more

    Affected Products : weblogic_server
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293259 Results