Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-52173

    XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.... Read more

    Affected Products : xnview xnview_classic
    • EPSS Score: %0.22
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-7157

    A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0]... Read more

    • EPSS Score: %0.12
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4541

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclo... Read more

    Affected Products : management_panel
    • EPSS Score: %0.15
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0194

    A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to ... Read more

    • EPSS Score: %0.20
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0195

    A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection.... Read more

    Affected Products : spider-flow
    • EPSS Score: %92.26
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46308

    In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.... Read more

    Affected Products : plotly.js
    • EPSS Score: %0.14
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-50921

    An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3... Read more

    • EPSS Score: %0.08
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-52304

    Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. ... Read more

    Affected Products : paddlepaddle
    • EPSS Score: %0.16
    • Published: Jan. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51784

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherr... Read more

    Affected Products : inlong
    • EPSS Score: %7.08
    • Published: Jan. 03, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-49442

    Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.... Read more

    Affected Products : jeecg
    • EPSS Score: %55.52
    • Published: Jan. 03, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-49666

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.... Read more

    Affected Products : billing_system
    • EPSS Score: %0.07
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50865

    Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    Affected Products : travel_website
    • EPSS Score: %0.07
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51812

    Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.... Read more

    Affected Products : ax3_firmware ax3
    • EPSS Score: %1.36
    • Published: Jan. 04, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-22088

    Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.... Read more

    Affected Products : lotos_webserver
    • EPSS Score: %0.29
    • Published: Jan. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46953

    SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module.... Read more

    Affected Products : abo.cms
    • EPSS Score: %0.80
    • Published: Jan. 06, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-0292

    A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possib... Read more

    Affected Products : lr1200gb_firmware lr1200gb
    • EPSS Score: %2.04
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0303

    A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side r... Read more

    Affected Products : youke_365
    • EPSS Score: %0.16
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0361

    A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclos... Read more

    • EPSS Score: %0.06
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0364

    A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit h... Read more

    • EPSS Score: %0.05
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48262

    The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.... Read more

    • EPSS Score: %1.74
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292759 Results