Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2023-49251

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely...

Affected Products : simatic_cn_4100
Published: Jan. 09, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-5347

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/...

Affected Products : jetnet_5310g_firmware jetnet_4508_firmware jetnet_4508i-w_firmware jetnet_4508-w_firmware jetnet_4508if-s_firmware jetnet_4508if-m_firmware jetnet_4508if-sw_firmware jetnet_4508if-mw_firmware jetnet_4508f-m_firmware jetnet_4508f-s_firmware +74 more products
Published: Jan. 09, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2024-0342

A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to t...

Affected Products : inis
Published: Jan. 09, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server....

Affected Products : hospital_management_system
Published: Jan. 10, 2024

Modified: May. 09, 2025
9.8

CRITICAL

CVE-2023-48264

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request....

Affected Products : nexo-os nexo_cordless_nutrunner_nxa011s-36v-b_$0608842012$ nexo_cordless_nutrunner_nxa011s-36v_$0608842011$ nexo_cordless_nutrunner_nxa015s-36v-b_$0608842006$ nexo_cordless_nutrunner_nxa015s-36v_$0608842001$ nexo_cordless_nutrunner_nxa030s-36v-b_$0608842007$ nexo_cordless_nutrunner_nxa030s-36v_$0608842002$ nexo_cordless_nutrunner_nxa050s-36v-b_$0608842008$ nexo_cordless_nutrunner_nxa050s-36v_$0608842003$ nexo_cordless_nutrunner_nxa065s-36v-b_$0608842014$ +11 more products
Published: Jan. 10, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-51956

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv...

Affected Products : ax1803_firmware ax1803
Published: Jan. 10, 2024

Modified: Jun. 03, 2025
9.8

CRITICAL

CVE-2023-49599

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP...

Affected Products : avideo
Published: Jan. 10, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-51962

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo....

Affected Products : ax1803_firmware ax1803
Published: Jan. 10, 2024

Modified: Apr. 17, 2025
9.8

CRITICAL

CVE-2023-51968

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo....

Affected Products : ax1803_firmware ax1803
Published: Jan. 10, 2024

Modified: Jun. 16, 2025
9.8

CRITICAL

CVE-2023-51970

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv....

Affected Products : ax1803_firmware ax1803
Published: Jan. 10, 2024

Modified: Jun. 20, 2025
9.8

CRITICAL

CVE-2023-52064

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php....

Affected Products : wuzhi_cms wuzhicms
Published: Jan. 10, 2024

Modified: Jun. 03, 2025
9.8

CRITICAL

CVE-2023-51987

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords....

Affected Products : dir-822_firmware dir-822
Published: Jan. 11, 2024

Modified: Jun. 20, 2025
9.8

CRITICAL

CVE-2017-18288

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter....

Affected Products : stats
Published: Jun. 12, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-18291

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter....

Affected Products : stats
Published: Jun. 12, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-37117

A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP....

Affected Products : live555
Published: Jan. 12, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N...

Affected Products : gl-mt3000_firmware gl-mt1300_firmware gl-mt300n-v2_firmware gl-ar750s_firmware gl-ar750_firmware gl-ar300m_firmware gl-b1300_firmware gl-mt6000_firmware gl-a1300_firmware gl-ax1800_firmware +14 more products
Published: Jan. 12, 2024

Modified: Jun. 03, 2025
9.8

CRITICAL

CVE-2023-49262

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session....

Affected Products : h8951-4g-esp_firmware h8951-4g-esp
Published: Jan. 12, 2024

Modified: Jun. 03, 2025
9.8

CRITICAL

CVE-2023-28897

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. ...

Affected Products : superb_3_firmware superb_3
Published: Jan. 12, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2024-0462

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handl...

Affected Products : online_faculty_clearance_system online_faculty_clearance
Published: Jan. 12, 2024

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2024-0412

A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access contr...

Affected Products : dsshop
Published: Jan. 11, 2024

Modified: Nov. 21, 2024

Showing 20 of 293425 Results

1
...
665
666
667
668
669
670
671
...
14672

Browse by Apps

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable