Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-28883

    In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.... Read more

    Affected Products : cerebrate
    • Published: Mar. 27, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-28839

    Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been a... Read more

    Affected Products : shoppingfeed
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28782

    Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3. ... Read more

    Affected Products : gravity_forms
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27265

    KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Softwar... Read more

    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15678

    TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.... Read more

    Affected Products : tightvnc
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28771

    Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which ... Read more

    • Actively Exploited
    • Published: Apr. 25, 2023
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-28769

    The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-servic... Read more

    Affected Products : dx5401-b0_firmware dx5401-b0
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28765

    An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and... Read more

    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15151

    AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.... Read more

    Affected Products : fedora adplug adplug
    • Published: Aug. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26892

    The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.... Read more

    Affected Products : fedora nats-server
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28753

    netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data.... Read more

    Affected Products : netconsd
    • Published: May. 18, 2023
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-28697

    Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.... Read more

    Affected Products : miineport_e1_firmware miineport_e1
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28879

    In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled... Read more

    Affected Products : debian_linux ghostscript
    • Published: Mar. 31, 2023
    • Modified: Feb. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-28698

    Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt... Read more

    Affected Products : fantsy fantasy
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28677

    Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Free... Read more

    Affected Products : convert_to_pipeline
    • Published: Apr. 02, 2023
    • Modified: Feb. 25, 2025

  • 9.8

    CRITICAL
    CVE-2020-25506

    D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.... Read more

    Affected Products : dns-320_firmware dns-320
    • Actively Exploited
    • Published: Feb. 02, 2021
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-28731

    AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Jooml... Read more

    Affected Products : acymailing
    • Published: Mar. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-2506

    The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This... Read more

    Affected Products : helpdesk
    • Actively Exploited
    • Published: Feb. 03, 2021
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2020-24978

    In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.... Read more

    Affected Products : netwide_assembler
    • Published: Sep. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28614

    Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.... Read more

    Affected Products : smart_trade
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294799 Results