Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-34124

    The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.... Read more

    Affected Products : global_management_system analytics
    • Published: Jul. 13, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-34132

    Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.... Read more

    Affected Products : global_management_system analytics
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30151

    A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.... Read more

    Affected Products : prestashop envoimoinscher
    • Published: Jul. 13, 2023
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-55160

    GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list.... Read more

    Affected Products : gfast
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25570

    Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-37716

    Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.... Read more

    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37722

    Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.... Read more

    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8425

    The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and includ... Read more

    Affected Products : woocommerce_ultimate_gift_card
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-3661

    A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It ... Read more

    Affected Products : ac_repair_and_services_system
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3695

    A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file add-product.php. The manipulation of the argument category leads to sql injection. It is possible to launch ... Read more

    Affected Products : beauty_salon_management_system
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-44898

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function.... Read more

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-3186

    The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.... Read more

    Affected Products : popup
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2958

    Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714. ... Read more

    Affected Products : ats_pro
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37791

    D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin.... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-27590

    In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.... Read more

    Affected Products : oxidized_web
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025

  • 9.8

    CRITICAL
    CVE-2025-1856

    A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. ... Read more

    Affected Products : gym_management_system
    • Published: Mar. 03, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-3759

    A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public a... Read more

    • Published: Jul. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-1873

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-26301

    Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.... Read more

    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3826

    A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=recruit/resume/edit&op=status of the component Interview Handler. The manipulation of the argument resum... Read more

    Affected Products : ibos
    • Published: Jul. 22, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294261 Results