Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-26069

    Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).... Read more

    • Published: Apr. 10, 2023
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-22279

    MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS c... Read more

    • Published: Jan. 17, 2023
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-26234

    JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.... Read more

    Affected Products : jd-gui
    • Published: Feb. 21, 2023
    • Modified: Mar. 17, 2025

  • 9.8

    CRITICAL
    CVE-2021-23484

    The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory.... Read more

    Affected Products : zip-local
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1000

    Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.... Read more

    Affected Products : tiny_file_manager
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46976

    TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23803

    This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) afte... Read more

    Affected Products : latte
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27078

    A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.... Read more

    Affected Products : tl-mr3020_firmware tl-mr3020
    • Published: Mar. 23, 2023
    • Modified: Feb. 25, 2025

  • 9.8

    CRITICAL
    CVE-2023-47121

    Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue ... Read more

    Affected Products : discourse
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27202

    Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php.... Read more

    Affected Products : best_pos_management_system
    • Published: Mar. 09, 2023
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-27231

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Mar. 28, 2023
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-23462

    Libpeconv – integer overflow, before commit 75b1565 (30/11/2022).... Read more

    Affected Products : libpeconv
    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2020-27631

    In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.... Read more

    Affected Products : cyclonetcp
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24154

    TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.... Read more

    Affected Products : t8_firmware t8
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24156

    A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.... Read more

    Affected Products : t8_firmware t8
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2021-44219

    Gin-Vue-Admin before 2.4.6 mishandles a SQL database.... Read more

    Affected Products : gin-vue-admin
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27730

    In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.... Read more

    Affected Products : cloud_backup nginx_controller
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48804

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28409

    Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.... Read more

    Affected Products : mw_wp_form
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-49044

    Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294287 Results