Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-1038

    A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads... Read more

    Affected Products : online_reviewer_management_system
    • Published: Feb. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24206

    Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.... Read more

    Affected Products : davinci
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25234

    Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.... Read more

    Affected Products : ac500_firmware ac500
    • Published: Feb. 27, 2023
    • Modified: Mar. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-24253

    Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.... Read more

    Affected Products : ikon_server
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0511

    Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1... Read more

    Affected Products : java_policy_agents
    • Published: Feb. 28, 2023
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-20946

    In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Feb. 28, 2023
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-1100

    A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument... Read more

    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22751

    There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploit... Read more

    Affected Products : arubaos sd-wan
    • Published: Mar. 01, 2023
    • Modified: Mar. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-1151

    A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation... Read more

    Affected Products : electronic_medical_records_system
    • Published: Mar. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26779

    CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).... Read more

    Affected Products : yf-exam
    • Published: Mar. 03, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-4328

    The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server... Read more

    • Published: Mar. 06, 2023
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2021-36392

    In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.... Read more

    Affected Products : moodle
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0755

    The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. ... Read more

    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1253

    A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument username leads to sql injection. It is ... Read more

    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24736

    PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.... Read more

    Affected Products : pmb
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33353

    Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.... Read more

    Affected Products : help_desk
    • Published: Mar. 08, 2023
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-1292

    A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injecti... Read more

    Affected Products : sales_tracker_management_system
    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1300

    A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file patient-report.php of the component POST Parameter Handler. The manipulation ... Read more

    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26075

    An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message code... Read more

    • Published: Mar. 10, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-27582

    maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validat... Read more

    Affected Products : maddy
    • Published: Mar. 13, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293655 Results