Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-31060

    Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise....

    Affected Products : repetier-server
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025
  • 9.8

    CRITICAL
    CVE-2023-25132

    Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux...

    Affected Products : powerpanel
    • Published: Apr. 24, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24823

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between ...

    Affected Products : riot
    • Published: Apr. 24, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-27848

    broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function....

    Affected Products : broccoli-compass
    • Published: Apr. 24, 2023
    • Modified: Feb. 05, 2025
  • 9.8

    CRITICAL
    CVE-2012-5872

    ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause....

    Affected Products : arc2
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-30404

    Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request....

    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-39989

    An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials....

    Affected Products : fighting_cock_information_system
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-30211

    OURPHP <= 7.2.0 is vulnerable to SQL Injection....

    Affected Products : ourphp
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-30363

    vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts....

    Affected Products : vconsole
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-2297

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient...

    Affected Products : profile_builder
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-30467

    This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit...

    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-2369

    A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The ...

    Affected Products : faculty_evaluation_system
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-26781

    SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -> Reader Comments -> Search....

    Affected Products : mccms
    • Published: Apr. 28, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2023-2479

    OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4....

    Affected Products : appium-desktop
    • Published: May. 02, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-2520

    A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argu...

    Affected Products : caton_prime
    • Published: May. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-2524

    A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of thi...

    Affected Products : rhid
    • Published: May. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-30264

    CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update....

    Affected Products : cltphp
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025
  • 9.8

    CRITICAL
    CVE-2023-30053

    TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection....

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2023
    • Modified: Jan. 29, 2025
  • 9.8

    CRITICAL
    CVE-2023-29944

    Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

    Affected Products : metersphere
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025
Showing 20 of 293656 Results