Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-3859

    A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condi... Read more

    Affected Products : car_listing
    • Published: Jul. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34798

    An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : e-office
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38671

    Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. ... Read more

    Affected Products : paddlepaddle
    • Published: Jul. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38495

    Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane d... Read more

    Affected Products : crossplane crossplane
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33745

    TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).... Read more

    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3985

    A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can ... Read more

    Affected Products : online_jewelry_store
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39015

    webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader.... Read more

    Affected Products : webmagic
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37215

    JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials... Read more

    • Published: Jul. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34842

    Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.... Read more

    Affected Products : dedecms
    • Published: Jul. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-1889

    picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the... Read more

    Affected Products : picklescan
    • Published: Mar. 03, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Supply Chain

  • 9.8

    CRITICAL
    CVE-2023-37478

    pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe ... Read more

    Affected Products : pnpm
    • Published: Aug. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36082

    An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.... Read more

    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38954

    ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.... Read more

    Affected Products : bioaccess_ivs
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-27640

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27648

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-27655

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-4120

    A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attac... Read more

    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-27674

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.... Read more

    Affected Products : virtual_appliance vasion_print
    • Published: Mar. 05, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-13787

    The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-13147

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025.... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection
Showing 20 of 294267 Results