Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-33278

    In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.... Read more

    Affected Products : customers_export
    • Published: May. 25, 2023
    • Modified: Jan. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-48478

    The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.... Read more

    Affected Products : harmonyos
    • Published: May. 26, 2023
    • Modified: Jan. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-23932

    Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2015-20108

    xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.... Read more

    Affected Products : ruby-saml
    • Published: May. 27, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-2962

    A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql ... Read more

    Affected Products : faculty_evaluation_system
    • Published: May. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-55193

    OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.... Read more

    Affected Products : openimageio
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-29732

    SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memo... Read more

    Affected Products : solive
    • Published: May. 30, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-29727

    The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the appl... Read more

    Affected Products : call_blocker
    • Published: May. 30, 2023
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-3004

    A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=read_msg of the component POST Parameter Handler. The manipulatio... Read more

    Affected Products : simple_chat_system
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33486

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: May. 31, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-3015

    A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery... Read more

    Affected Products : vip_video_analysis
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33735

    D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface.... Read more

    Affected Products : dir-846_firmware dir-846
    • Published: May. 31, 2023
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-23952

    Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.... Read more

    • Published: Jun. 01, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-33778

    Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attack... Read more

    • Published: Jun. 01, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-29736

    Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution.... Read more

    Affected Products : keyboard_themes
    • Published: Jun. 01, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-3061

    A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestri... Read more

    Affected Products : agro-school_management_system
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3068

    A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible... Read more

    Affected Products : retro_cellphone_online_store
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33762

    eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter.... Read more

    Affected Products : simpleredak
    • Published: Jun. 02, 2023
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-29629

    PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.... Read more

    Affected Products : jmsthemelayout
    • Published: Jun. 05, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2018-18427

    s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.... Read more

    Affected Products : s-cms
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294068 Results