Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-48849

    Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering....

    • Published: Dec. 06, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-9019

    SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_...

    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-35039

    Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a ...

    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49428

    Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName....

    Affected Products : ax12_firmware ax12
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49430

    Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg....

    Affected Products : ax9_firmware ax9
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49410

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function set_wan_status....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49999

    Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-50001

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-5487

    NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution....

    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49404

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-49406

    Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-11444

    A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0....

    Affected Products : easyservice_billing
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-46498

    An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file....

    Affected Products : evershop
    • Published: Dec. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-6411

    An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form...

    Affected Products : machform machform
    • Published: May. 26, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-6651

    A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to lau...

    Affected Products : matrimonial_site
    • Published: Dec. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-6652

    A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remot...

    Affected Products : matrimonial_site
    • Published: Dec. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-6181

    An oversight in BCB handling of reboot reason that allows for persistent code execution...

    Affected Products : android chromecast_firmware chromecast
    • Published: Dec. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49417

    TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg....

    Affected Products : a7000r_firmware a7000r
    • Published: Dec. 11, 2023
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2023-49418

    TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules....

    Affected Products : a7000r_firmware a7000r
    • Published: Dec. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-10551

    waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious...

    Affected Products : waterline-sequel
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293353 Results