Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-30369

    Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-45716

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function.... Read more

    Affected Products : m50_firmware m50
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-40826

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40853

    Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set... Read more

    Affected Products : ac15_firmware ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-40866

    Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/... Read more

    Affected Products : w20e_firmware w20e
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-41390

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.... Read more

    Affected Products : ocomon
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-31543

    A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.... Read more

    Affected Products : pipreqs
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46859

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. ... Read more

    Affected Products : spiffy_calendar
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46849

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon &... Read more

    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31752

    SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.... Read more

    • Published: May. 23, 2023
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2020-24769

    SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.... Read more

    Affected Products : nexusphp
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42036

    The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-urls
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42040

    The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-algorithms
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42496

    OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.... Read more

    Affected Products : nadesiko3
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-42498

    In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer... Read more

    Affected Products : android
    • Published: Mar. 24, 2023
    • Modified: Feb. 28, 2025

  • 9.8

    CRITICAL
    CVE-2020-13877

    SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.... Read more

    Affected Products : meeting_monitor
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5019

    A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function i... Read more

    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48196

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R700... Read more

    • Published: Dec. 30, 2022
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-48333

    Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.... Read more

    Affected Products : trusted_application
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13917

    rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, ... Read more

    Affected Products : unleashed_firmware r310 r500 r600 t300 t301n t301s h320 h510 r710 +15 more products
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294277 Results