Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2017-14942

    Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.

    Affected Products : wrn_150_firmware wrn_150
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-1963

    A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql i...

    Affected Products : bank_locker_management_system
    • Published: Apr. 09, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-27719

    D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

    Affected Products : dir878_firmware dir878
    • Published: Apr. 09, 2023
    • Modified: Feb. 12, 2025
  • 9.8

    CRITICAL
    CVE-2023-27178

    An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.

    Affected Products : gdidees_cms
    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025
  • 9.8

    CRITICAL
    CVE-2017-0829

    An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.

    Affected Products : android
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-1983

    A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/products/manage_product.php of the component GET Parameter Handler. The...

    Affected Products : sales_tracker_management_system
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19802

    File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter.

    Affected Products : doyocms
    • Published: Apr. 11, 2023
    • Modified: Feb. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-27032

    Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().

    • Published: Apr. 12, 2023
    • Modified: Feb. 10, 2025
  • 9.8

    CRITICAL
    CVE-2022-25745

    Memory corruption in modem due to improper input validation while handling the incoming CoAP message...

    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-13069

    QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.

    Affected Products : music_station
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-26063

    Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.

    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-26065

    Certain Lexmark devices through 2023-02-19 have an Integer Overflow.

    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-2093

    A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is poss...

    • Published: Apr. 15, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-2525

    Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20.

    Affected Products : calibre-web calibre-web
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-1984

    A vulnerability classified as critical was found in SourceCodester Complaint Management System 1.0. This vulnerability affects unknown code of the file /users/check_availability.php of the component POST Parameter Handler. The manipulation of the argument...

    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24468

    Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2...

    • Published: Mar. 15, 2023
    • Modified: May. 16, 2025
  • 9.8

    CRITICAL
    CVE-2022-34128

    The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.

    Affected Products : positions
    • Published: Apr. 16, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-28808

    Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24831

    Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.

    Affected Products : iotdb
    • Published: Apr. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-30771

    Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem ...

    Affected Products : iotdb_web_workbench iotdb_workbench
    • Published: Apr. 17, 2023
    • Modified: Feb. 13, 2025