Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-12634

    The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.... Read more

    Affected Products : camel
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-33963

    DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. The... Read more

    Affected Products : dataease
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30603

    Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain th... Read more

    Affected Products : coda-5310_firmware coda-5310
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3057

    A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. ... Read more

    Affected Products : yfcmf-tp6
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3062

    A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to la... Read more

    Affected Products : agro-school_management_system
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26379

    Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. ... Read more

    • Published: May. 09, 2023
    • Modified: Jan. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-3069

    Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.... Read more

    Affected Products : corebos
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33670

    Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jun. 02, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33671

    Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jun. 02, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33673

    Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jun. 02, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33386

    MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background.... Read more

    Affected Products : marsctf
    • Published: Jun. 05, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-3007

    A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argum... Read more

    • Published: May. 31, 2023
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000218

    LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.... Read more

    Affected Products : lightftp
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-31569

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-33532

    There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.... Read more

    Affected Products : r6250_firmware r6250
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-29632

    PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.... Read more

    Affected Products : jmspagebuilder
    • Published: Jun. 06, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-30400

    An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID ... Read more

    Affected Products : ak3918ev300_firmware ak3918ev300
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-4340

    The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing ... Read more

    Affected Products : ulisting
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4343

    The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected... Read more

    Affected Products : ulisting
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4362

    The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possi... Read more

    Affected Products : kiwi_social_share
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294426 Results