Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-53544

    NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint.... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-22151

    Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.... Read more

    Affected Products : fuel_cms
    • Published: Jul. 03, 2023
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2023-36258

    An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.... Read more

    Affected Products : langchain
    • Published: Jul. 03, 2023
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2023-3504

    A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads t... Read more

    Affected Products : smartweb_infotech_job_board
    • Published: Jul. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46890

    Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46894

    Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48510

    Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48513

    Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37242

    Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36188

    An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.... Read more

    Affected Products : langchain
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34433

    PiiGAB M-Bus stores passwords using a weak hash algorithm. ... Read more

    Affected Products : m-bus_900s_firmware m-bus_900s
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37145

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36994

    In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.... Read more

    Affected Products : travianz
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37711

    Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.... Read more

    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37656

    WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.... Read more

    Affected Products : websiteguide
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26861

    SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module.... Read more

    Affected Products : viva_wallet
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-53573

    Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}.... Read more

    Affected Products : unifiedtransform
    • Published: Feb. 26, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-3626

    A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This issue affects some unknown processing of the file /Duty/AjaxHandle/UpLoadFloodPlanFi... Read more

    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3127

    An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.... Read more

    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26564

    The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory access... Read more

    Affected Products : ej2_aspcore_file_provider
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294283 Results