Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-29798

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

    Affected Products : x18_firmware x18
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-29802

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

    Affected Products : x18_firmware x18
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-29803

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.

    Affected Products : x18_firmware x18
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-27654

    An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component.

    Affected Products : who
    • Published: Apr. 14, 2023
    • Modified: Feb. 10, 2025
  • 9.8

    CRITICAL
    CVE-2023-2075

    A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is p...

    • Published: Apr. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-50660

    A file upload bypass found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality.

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2022-41572

    An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.

    Affected Products : eyesofnetwork
    • Published: Jan. 07, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2021-46880

    x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.

    Affected Products : openbsd libressl
    • Published: Apr. 15, 2023
    • Modified: Feb. 07, 2025
  • 9.8

    CRITICAL
    CVE-2018-4301

    This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp.

    Affected Products : smart_card_services
    • Published: Jan. 08, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2023-2095

    A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql i...

    • Published: Apr. 15, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-22137

    Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive sy...

    Affected Products :
    • Published: Jan. 08, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2023-2108

    A vulnerability has been found in SourceCodester Judging Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_contestant.php. The manipulation of the argument contestant_id leads to ...

    Affected Products : judging_management_system
    • Published: Apr. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-13189

    A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the att...

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2023-2145

    A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been classified as critical. Affected is an unknown function of the file projects_per_curriculum.php. The manipulation of the argument id leads to sql injection. It is possi...

    Affected Products : online_thesis_archiving_system
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-28254

    A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.

    Affected Products : laravel
    • Published: Apr. 19, 2023
    • Modified: Mar. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-57686

    A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.

    Affected Products : land_record_system
    • Published: Jan. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-29971

    Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals.

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2023-2244

    A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id l...

    • Published: Apr. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-57225

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-12847

    NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulner...

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authentication