Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-36445

    Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication.... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6102

    A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Affected is an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. The manipulation lea... Read more

    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2923

    A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exp... Read more

    Affected Products : ac6_firmware ac6
    • Published: May. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33556

    TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-6229

    Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP67... Read more

    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27314

    SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.... Read more

    Affected Products : doctor_appointment_system
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7098

    Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.... Read more

    Affected Products : winsure
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-7374

    A vulnerability classified as critical was found in SourceCodester Simple Realtime Quiz System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiat... Read more

    Affected Products : simple_realtime_quiz_system
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024

  • 9.8

    CRITICAL
    CVE-2022-41772

    Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. ... Read more

    Affected Products : infrasuite_device_master
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5653

    A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack m... Read more

    Affected Products : t\+
    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6164

    The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP... Read more

    Affected Products : filter_\&_grids
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29461

    An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in th... Read more

    Affected Products : arena arena_simulation
    • Published: May. 09, 2023
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-7857

    The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplie... Read more

    Affected Products : media_library_folders
    • Published: Aug. 29, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-26550

    A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.... Read more

    Affected Products : control-m
    • Published: Feb. 25, 2023
    • Modified: Mar. 11, 2025

  • 9.8

    CRITICAL
    CVE-2021-38733

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.... Read more

    Affected Products : semcms
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-5982

    A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the lo... Read more

    Affected Products : chuanhuchatgpt
    • Published: Oct. 29, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2023-29622

    Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.... Read more

    Affected Products : purchase_order_management
    • Published: Apr. 14, 2023
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-8336

    A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sq... Read more

    Affected Products : music_gallery_site
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2023-29741

    An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.... Read more

    Affected Products : bestweather
    • Published: May. 30, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-8584

    Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.... Read more

    Affected Products : orca_hcm
    • Published: Sep. 09, 2024
    • Modified: Feb. 17, 2025
Showing 20 of 293642 Results