Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-42807

    Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the lat... Read more

    Affected Products : frappe_lms
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42279

    Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.... Read more

    Affected Products : dreamer_cms
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43128

    D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters.... Read more

    Affected Products : dir-806_firmware dir-806
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43130

    D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.... Read more

    Affected Products : dir-806_firmware dir-806
    • Published: Sep. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5020

    A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument ac... Read more

    Affected Products : customer_relationship_management
    • Published: Sep. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48605

    Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0626

    Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. ... Read more

    Affected Products : desktop docker_desktop
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32653

    An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulner... Read more

    Affected Products : imagegear
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43141

    TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.... Read more

    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4521

    The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https:... Read more

    Affected Products : import_xml_and_rss_feeds
    • Published: Sep. 25, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-43644

    Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authen... Read more

    Affected Products : sing-box
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38243

    xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.... Read more

    Affected Products : xunruicms
    • Published: Sep. 27, 2023
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2018-6297

    Buffer overflow in Hanwha Techwin Smartcams... Read more

    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3767

    An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter... Read more

    Affected Products : webserver
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7474

    An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.... Read more

    Affected Products : textpattern
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44013

    Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function.... Read more

    Affected Products : ac10u_firmware ac10u_firmware ac10u
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44014

    Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters.... Read more

    Affected Products : ac10u_firmware ac10u_firmware ac10u
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44017

    Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.... Read more

    Affected Products : ac10u_firmware ac10u_firmware ac10u
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44019

    Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.... Read more

    Affected Products : ac10u_firmware ac10u_firmware ac10u
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44020

    Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.... Read more

    Affected Products : ac10u_firmware ac10u_firmware ac10u
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294690 Results