Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-33671

    Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jun. 02, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33673

    Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jun. 02, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33386

    MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.... Read more

    Affected Products : marsctf
    • Published: Jun. 05, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-3007

    A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argum... Read more

    • Published: May. 31, 2023
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000218

    LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.... Read more

    Affected Products : lightftp
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-31569

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33532

    There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.... Read more

    Affected Products : r6250_firmware r6250
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-29632

    PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.... Read more

    Affected Products : jmspagebuilder
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-30400

    An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID ... Read more

    Affected Products : ak3918ev300_firmware ak3918ev300
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-4340

    The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing ... Read more

    Affected Products : ulisting
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4343

    The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected... Read more

    Affected Products : ulisting
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4362

    The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possi... Read more

    Affected Products : kiwi_social_share
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4370

    The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. T... Read more

    Affected Products : ulisting
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36705

    The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upl... Read more

    Affected Products : adning_advertising
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4380

    The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This mak... Read more

    Affected Products : pinterest_automatic_pin
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33553

    An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.... Read more

    Affected Products : wdrt-1800ax_firmware wdrt-1800ax
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 9.8

    CRITICAL
    CVE-2017-5719

    A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.... Read more

    Affected Products : deep_learning_training_tool
    • Published: Nov. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-34364

    A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker t... Read more

    • Published: Jun. 09, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2017-8119

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8123

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293510 Results