Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-41016

    Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequ... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41017

    Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequ... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42492

    Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulner... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46967

    An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.... Read more

    Affected Products : revenue_collection_system
    • Published: Jan. 26, 2023
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-0530

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql inject... Read more

    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24167

    Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 26, 2023
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2018-16709

    Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via craf... Read more

    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24612

    The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.... Read more

    Affected Products : pdfbook
    • Published: Jan. 30, 2023
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-48006

    An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.... Read more

    Affected Products : taocms
    • Published: Jan. 30, 2023
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-32523

    A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Product... Read more

    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21129

    Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as... Read more

    Affected Products : nemo-appium
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-24163

    SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.... Read more

    Affected Products : hutool
    • Published: Jan. 31, 2023
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-24241

    Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php.... Read more

    Affected Products : forget_heart_message_box
    • Published: Feb. 01, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-23928

    reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose application... Read more

    Affected Products : jose reason-jose
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47740

    Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php.... Read more

    Affected Products : content_management_system
    • Published: Jan. 19, 2023
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-0651

    A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit ... Read more

    Affected Products : fastcms fastcms
    • Published: Feb. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48082

    Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag.... Read more

    Affected Products : easyone_crm
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24143

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24149

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24153

    A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.... Read more

    Affected Products : t8_firmware t8
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025
Showing 20 of 293435 Results