Latest CVE Feed
- 9.8 CRITICAL CVE-2023-1464
A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password le...
- Published: Mar. 17, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name....
- Affected Products: pull_it
- Published: Mar. 27, 2023
- Modified: Feb. 24, 2025
- 9.8 CRITICAL CVE-2023-1140
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator....
- Affected Products: infrasuite_device_master
- Published: Mar. 27, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2025-23310
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of servic...
- Published: Aug. 06, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
- 9.8 CRITICAL CVE-2025-23319
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution,...
- Published: Aug. 06, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
- 9.8 CRITICAL CVE-2023-1665
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0....
- Affected Products: twake
- Published: Mar. 27, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-27886
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through an HTTP POST parameter called by index.php script....
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-28654
Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application ...
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-28712
Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. ...
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-26968
In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload....
- Affected Products: atrocore
- Published: Mar. 29, 2023
- Modified: Feb. 18, 2025
- 9.8 CRITICAL CVE-2023-41530
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php....
- Affected Products: hospital_management_system
- Published: Aug. 07, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Injection
- 9.8 CRITICAL CVE-2022-2825
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding c...
- Published: Mar. 29, 2023
- Modified: Feb. 18, 2025
- 9.8 CRITICAL CVE-2022-36983
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from ...
- Affected Products: avalanche
- Published: Mar. 29, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2025-30405
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0...
- Affected Products:
- Published: Aug. 07, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
- 9.8 CRITICAL CVE-2025-54951
A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff928...
- Affected Products:
- Published: Aug. 07, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
- 9.8 CRITICAL CVE-2024-52272
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50...
- Published: Dec. 04, 2024
- Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2025-52913
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow...
- Affected Products:
- Published: Aug. 08, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Path Traversal
- 9.8 CRITICAL CVE-2023-1735
A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this vulnerability is an unknown functionality of the file passwordrecover.php. The manipulation of the argument phonenumber leads to s...
- Affected Products: young_entrepreneur_e-negosyo_system
- Published: Mar. 30, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-1741
A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. ...
- Affected Products: jeecg_boot
- Published: Mar. 30, 2023
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-26829
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full auth...
- Affected Products: centrestack
- Published: Mar. 31, 2023
- Modified: Feb. 18, 2025