Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-24149

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24153

    A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.... Read more

    Affected Products : t8_firmware t8
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2021-36503

    SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file.... Read more

    Affected Products : native-php-cms
    • Published: Feb. 03, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-23088

    Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function.... Read more

    Affected Products : jsonparser json-parser
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2013-10018

    A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile... Read more

    Affected Products : webfinance
    • Published: Feb. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48078

    pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode.... Read more

    Affected Products : pycdc
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2014-125084

    A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgra... Read more

    Affected Products : gimmie
    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17035

    UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.... Read more

    Affected Products : ucms
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17072

    JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.... Read more

    Affected Products : json\+\+
    • Published: Sep. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28582

    Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.... Read more

    • Published: Mar. 04, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-24351

    D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Feb. 10, 2023
    • Modified: Mar. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-48323

    Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrat... Read more

    Affected Products : sunflower
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-24160

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Feb. 14, 2023
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-16822

    SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.... Read more

    Affected Products : seacms
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33304

    Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.... Read more

    Affected Products : picotcp picotcp-ng
    • Published: Feb. 15, 2023
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-16283

    The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.... Read more

    Affected Products : wechat_brodcast
    • Published: Sep. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38375

    An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.... Read more

    Affected Products : fortinac fortinac-f
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0562

    A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to... Read more

    Affected Products : bank_locker_management_system
    • Published: Jan. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33226

    Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input... Read more

    Affected Products : salt
    • Published: Feb. 17, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2021-26277

    The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.... Read more

    Affected Products : android frame_service
    • Published: Feb. 17, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results