Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-4866

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may b... Read more

    • Published: Sep. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36140

    In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.... Read more

    Affected Products : cleaning_business_software
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-19559

    An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter.... Read more

    Affected Products : agilis_xfs_for_opteva
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31069

    An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.... Read more

    Affected Products : tsplus_remote_access
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39637

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.... Read more

    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-2678

    A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the argument editid leads to sql injection. The attack may ... Read more

    • Published: Mar. 24, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-4766

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection.This issue affects Movus: before 20230913. ... Read more

    Affected Products : movus
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4972

    Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects Digital Yepas: before 1.0.1.... Read more

    Affected Products : digital_yepas
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4702

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1. ... Read more

    Affected Products : digital_yepas
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-29135

    A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.... Read more

    Affected Products : ac7_firmware ac7
    • Published: Mar. 24, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-4661

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9. ... Read more

    Affected Products : connect
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4833

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.This issue affects Network Marketing Software: before 1.0.2309.6. ... Read more

    Affected Products : besttem_network_marketing
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42398

    An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.... Read more

    Affected Products : zzcms
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5018

    A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the ar... Read more

    Affected Products : lost_and_found_information_system
    • Published: Sep. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41030

    Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.... Read more

    Affected Products : rx4-1500_firmware rx4-1500
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26837

    SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.... Read more

    Affected Products : delivernow
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47516

    A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.... Read more

    Affected Products : pagure
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-43197

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.... Read more

    Affected Products : di-7200g_firmware di-7200g
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43207

    D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter.... Read more

    Affected Products : dwl-6610ap_firmware dwl-6610ap
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36109

    Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.... Read more

    Affected Products : jerryscript
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294282 Results