Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-43951

    LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter....

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-45427

    In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution....

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2023-44302

    Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary cod...

    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-21217

    In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation....

    Affected Products : android
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-40078

    In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User ...

    Affected Products : android
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-48316

    Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components incl...

    Affected Products : azure_rtos_netx_duo
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-48693

    Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which m...

    Affected Products : azure_rtos_threadx
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-48696

    Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected co...

    Affected Products : azure_rtos_usbx
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-42580

    Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store....

    Affected Products : galaxy_store
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49070

    Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10...

    Affected Products : ofbiz
    • Published: Dec. 05, 2023
    • Modified: Feb. 13, 2025
  • 9.8

    CRITICAL
    CVE-2023-48860

    TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code....

    Affected Products : n300rt_firmware n300rt
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49424

    Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg....

    Affected Products : ax12_firmware ax12
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49426

    Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg....

    Affected Products : ax12_firmware ax12
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49429

    Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules....

    Affected Products : ax9_firmware ax9
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49402

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-50000

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-50002

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-40301

    NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability....

    Affected Products : ngeniuspulse
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-32499

    Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed....

    Affected Products : project_center_server
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2023-49405

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg....

    Affected Products : w30e_firmware w30e
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293962 Results