Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-18288

    An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.... Read more

    Affected Products : stats
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18291

    An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.... Read more

    Affected Products : stats
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37117

    A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.... Read more

    Affected Products : live555
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50919

    An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N... Read more

    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-49262

    The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.... Read more

    Affected Products : h8951-4g-esp_firmware h8951-4g-esp
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-28897

    The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. ... Read more

    Affected Products : superb_3_firmware superb_3
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0462

    A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handl... Read more

    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0412

    A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access contr... Read more

    Affected Products : dsshop
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0464

    A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql in... Read more

    Affected Products : online_faculty_clearance
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21654

    Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker ... Read more

    Affected Products : rubygems.org
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0480

    A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of th... Read more

    Affected Products : taokeyun
    • Published: Jan. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0539

    A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be i... Read more

    Affected Products : w9_firmware w9
    • Published: Jan. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0224

    The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks... Read more

    Affected Products : givewp
    • Published: Jan. 16, 2024
    • Modified: Jun. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-3211

    The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.... Read more

    Affected Products : wordpress_database_administrator
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-0571

    A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer ove... Read more

    Affected Products : lr1200gb_firmware lr1200gb
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0579

    A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command inject... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-12534

    A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.... Read more

    Affected Products : quick_chat
    • Published: Jun. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-52041

    An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2018-9021

    An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.... Read more

    Affected Products : privileged_access_manager
    • Published: Jun. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9029

    An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.... Read more

    Affected Products : privileged_access_manager
    • Published: Jun. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294299 Results