Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-46417

    TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46419

    TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46134

    D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the... Read more

    Affected Products : d-tale
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0897

    Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. ... Read more

    • Published: Oct. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39726

    An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.... Read more

    Affected Products : mintty
    • Published: Oct. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17558

    Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP2... Read more

    • Published: Oct. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-28406

    An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter... Read more

    Affected Products : ruoyi
    • Published: Apr. 07, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-5830

    A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication.... Read more

    Affected Products : document_locator
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2005-10002

    A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path tr... Read more

    Affected Products : secure_files
    • Published: Oct. 29, 2023
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-43649

    baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.... Read more

    Affected Products : basercms
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36508

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact... Read more

    Affected Products : contact_form_to_db
    • Published: Oct. 31, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-46993

    In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46256

    PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sen... Read more

    Affected Products : px4_drone_autopilot
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46482

    SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.... Read more

    Affected Products : wuzhicms
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39281

    A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.... Read more

    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45018

    Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    Affected Products : online_bus_booking_system
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45336

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45346

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database... Read more

    Affected Products : online_food_ordering_script
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46958

    An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.... Read more

    Affected Products : lmxcms
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46954

    SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.... Read more

    Affected Products : relativityone
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294714 Results