Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-27397

    Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.... Read more

    Affected Products : mailform
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-23306

    The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.Bur... Read more

    Affected Products : connect-iq
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-2750

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05. ... Read more

    Affected Products : e-municipality
    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2882

    Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. ... Read more

    Affected Products : cbot_core cbot_panel
    • Published: May. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33278

    In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.... Read more

    Affected Products : customers_export
    • Published: May. 25, 2023
    • Modified: Jan. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-48478

    The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.... Read more

    Affected Products : harmonyos
    • Published: May. 26, 2023
    • Modified: Jan. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-23932

    Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2015-20108

    xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.... Read more

    Affected Products : ruby-saml
    • Published: May. 27, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-2962

    A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql ... Read more

    Affected Products : faculty_evaluation_system
    • Published: May. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-55193

    OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.... Read more

    Affected Products : openimageio
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-29732

    SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memo... Read more

    Affected Products : solive
    • Published: May. 30, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-29727

    The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the appl... Read more

    Affected Products : call_blocker
    • Published: May. 30, 2023
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-3004

    A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=read_msg of the component POST Parameter Handler. The manipulatio... Read more

    Affected Products : simple_chat_system
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33486

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: May. 31, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-3015

    A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery... Read more

    Affected Products : vip_video_analysis
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33735

    D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface.... Read more

    Affected Products : dir-846_firmware dir-846
    • Published: May. 31, 2023
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-23952

    Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.... Read more

    • Published: Jun. 01, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-33778

    Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attack... Read more

    • Published: Jun. 01, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-29736

    Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution.... Read more

    Affected Products : keyboard_themes
    • Published: Jun. 01, 2023
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-3061

    A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestri... Read more

    Affected Products : agro-school_management_system
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294264 Results