Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2023-22600

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the sam... Read more

    • Published: Jan. 12, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-22601

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An u... Read more

    • Published: Jan. 12, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-45444

    Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted acc... Read more

    Affected Products : real-time_location_system_studio
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-53823

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint `/WeGIA/html/socio/sistema/processa_deletar_socio.php`, in the `id_socio` p... Read more

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2023-24482

    A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), CO... Read more

    Affected Products : comos
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2014-125124

    An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p paramet... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2022-43604

    An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing... Read more

    Affected Products : opener
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-47190

    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.... Read more

    Affected Products : cs141_firmware cs141
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2012-10058

    RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code executi... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2023-27497

    Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploit... Read more

    Affected Products : windows diagnostics_agent
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2023-2231

    A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attac... Read more

    Affected Products : max-g866ac_firmware max-g866ac
    • Published: Apr. 21, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-32314

    vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a ... Read more

    Affected Products : vm2
    • Published: May. 15, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-23953

    Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2018-7076

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.... Read more

    Affected Products : intelligent_management_center
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-24905

    WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, al... Read more

    Affected Products : wegia
    • Published: Feb. 03, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-13152

    Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2023-22814

    An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. ... Read more

    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-26852

    DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.... Read more

    Affected Products : infocad_fm infocad
    • Published: Mar. 20, 2025
    • Modified: Apr. 23, 2025

  • 10.0

    CRITICAL
    CVE-2023-45138

    Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and r... Read more

    Affected Products : change_request
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-5572

    Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.... Read more

    Affected Products : vrite
    • Published: Oct. 13, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293306 Results