Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-7561

    Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.... Read more

    Affected Products : ac9_firmware ac9_firmware ac9
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46597

    TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-28581

    Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.... Read more

    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3374

    Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0. ... Read more

    Affected Products : bookreen
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30723

    Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege.... Read more

    Affected Products : health
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46600

    TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • Published: Dec. 30, 2022
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2017-7434

    In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.... Read more

    Affected Products : identity_manager
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9278

    The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.... Read more

    Affected Products : identity_manager
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9285

    NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.... Read more

    Affected Products : edirectory edirectory
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46601

    TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-39422

    The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless.... Read more

    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18215

    xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.... Read more

    Affected Products : leap xv
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40942

    Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37759

    Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.... Read more

    Affected Products : crypto_currency_tracker
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27149

    An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27160

    An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42276

    hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.... Read more

    Affected Products : hutool
    • Published: Sep. 08, 2023
    • Modified: Sep. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-4845

    A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The a... Read more

    Affected Products : simple_membership_system
    • Published: Sep. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4871

    A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to sql injection. The attack can be init... Read more

    Affected Products : contact_manager_app
    • Published: Sep. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4872

    A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The a... Read more

    Affected Products : contact_manager_app
    • Published: Sep. 10, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294299 Results