Latest CVE Feed

Following is the list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8 CRITICAL CVE-2021-23803
    This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) afte...
    Affected Products: latte
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-27078
    A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint....
    Affected Products: tl-mr3020_firmware tl-mr3020
    • Published: Mar. 23, 2023
    • Modified: Feb. 25, 2025

  • 9.8 CRITICAL CVE-2023-47121
    Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue ...
    Affected Products: discourse
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-27202
    Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php....
    Affected Products: best_pos_management_system
    • Published: Mar. 09, 2023
    • Modified: Mar. 05, 2025

  • 9.8 CRITICAL CVE-2023-27231
    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg....
    Affected Products: a7100ru_firmware a7100ru
    • Published: Mar. 28, 2023
    • Modified: Feb. 18, 2025

  • 9.8 CRITICAL CVE-2023-23462
    Libpeconv – integer overflow, before commit 75b1565 (30/11/2022)....
    Affected Products: libpeconv
    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025

  • 9.8 CRITICAL CVE-2020-27631
    In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random....
    Affected Products: cyclonetcp
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-24154
    TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW....
    Affected Products: t8_firmware t8
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8 CRITICAL CVE-2023-24156
    A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet....
    Affected Products: t8_firmware t8
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8 CRITICAL CVE-2021-44219
    Gin-Vue-Admin before 2.4.6 mishandles a SQL database....
    Affected Products: gin-vue-admin
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2020-27730
    In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities....
    Affected Products: cloud_backup nginx_controller
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-48804
    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability....
    Affected Products: x6000r_firmware x6000r
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-28409
    Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file....
    Affected Products: mw_wp_form
    • Published: May 23, 2023
    • Modified: Jan. 31, 2025

  • 9.8 CRITICAL CVE-2023-49044
    Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set....
    Affected Products: ax1803_firmware ax1803
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-24777
    Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list....
    Affected Products: funadmin
    • Published: Mar. 08, 2023
    • Modified: Mar. 05, 2025

  • 9.8 CRITICAL CVE-2021-36298
    Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ....
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-2865
    A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to...
    Affected Products: theme_park_ticketing_system
    • Published: May 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-25533
    NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges....
    Affected Products: dgx_h100_firmware dgx_h100
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-50708
    yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since i...
    Affected Products: yii2-authclient
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8 CRITICAL CVE-2023-4443
    A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/...
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293781 Results