Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-7219

    A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based bu... Read more

    Affected Products : n350rt_firmware n350rt
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-7244

    Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to ... Read more

    Affected Products : icsnpp-ethercat
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46428

    A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php.... Read more

    Affected Products : simple_chatbot_application
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51572

    Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not r... Read more

    Affected Products : viewpower
    • Published: Apr. 01, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-51803

    LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring.... Read more

    Affected Products : heimdall_application_dashboard
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51959

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-51972

    Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-52082

    Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true.... Read more

    Affected Products : lychee
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0344

    A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disc... Read more

    Affected Products : timemail
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36545

    Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.... Read more

    Affected Products : edoc-doctor-appointment-system
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0413

    A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. ... Read more

    Affected Products : dskms
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45701

    An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.... Read more

    Affected Products : tremor-script
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-52252

    Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.... Read more

    Affected Products : unified_remote
    • Published: Dec. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0493

    A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of ... Read more

    Affected Products : billing_software
    • Published: Jan. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5227

    Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.... Read more

    Affected Products : phpmyfaq
    • Published: Sep. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45807

    jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.... Read more

    Affected Products : jpress
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28435

    This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.... Read more

    Affected Products : ffmpeg-sdk
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10245

    The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-35286

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensi... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-35338

    Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.... Read more

    Affected Products : i29_firmware i29
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293649 Results