Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-13394

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the rou... Read more

    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23935

    Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".... Read more

    • Published: Aug. 20, 2020
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-39345

    Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a p... Read more

    Affected Products : gin-vue-admin
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34065

    The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : rondolu-yt-concate
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24115

    In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access.... Read more

    Affected Products : online_book_store
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24215

    An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (... Read more

    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2955

    A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the... Read more

    • Published: May. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40009

    SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c.... Read more

    Affected Products : swftools
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-29728

    The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.... Read more

    Affected Products : call_blocker
    • Published: May. 30, 2023
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-29800

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-29801

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-45101

    Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution... Read more

    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40114

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.... Read more

    Affected Products : online_banking_system
    • Published: Sep. 23, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40116

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php.... Read more

    Affected Products : online_banking_system
    • Published: Sep. 23, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-30185

    CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.... Read more

    Affected Products : crmeb
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-30369

    Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-45716

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function.... Read more

    Affected Products : m50_firmware m50
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-40826

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40853

    Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set... Read more

    Affected Products : ac15_firmware ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-40866

    Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/... Read more

    Affected Products : w20e_firmware w20e
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
Showing 20 of 293983 Results