Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-1294

    A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument ... Read more

    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1301

    A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Hand... Read more

    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1310

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql inject... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24774

    Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.... Read more

    Affected Products : funadmin
    • Published: Mar. 10, 2023
    • Modified: Feb. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-27852

    NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.... Read more

    Affected Products : rax30_firmware rax30
    • Published: Mar. 10, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-48367

    An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.... Read more

    • Published: Mar. 12, 2023
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-27061

    Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a ... Read more

    Affected Products : w15e_firmware w15e
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-1198

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.This issue affects Starcities: through 1.3. ... Read more

    Affected Products : starcities
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25207

    PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php.... Read more

    Affected Products : dpd_france
    • Published: Mar. 13, 2023
    • Modified: Mar. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-39216

    Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 ... Read more

    Affected Products : itop
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14403

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.... Read more

    Affected Products : eyesofnetwork
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-27240

    Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.... Read more

    Affected Products : ax3_firmware ax3
    • Published: Mar. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1461

    A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file createCategories.php. The manipulation of the argument categoriesStatus leads to sql inj... Read more

    Affected Products : canteen_management_system
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1468

    A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the c... Read more

    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28116

    Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG us... Read more

    Affected Products : contiki-ng
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26805

    Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.... Read more

    Affected Products : w20e_firmware w20e
    • Published: Mar. 19, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-26806

    Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,... Read more

    Affected Products : w20e_firmware w20e
    • Published: Mar. 19, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-1497

    A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument submit leads to unrestricted upload... Read more

    • Published: Mar. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1498

    A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injecti... Read more

    • Published: Mar. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002010

    Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.... Read more

    Affected Products : membership_simplified
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293437 Results