Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-0849

    A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploi...

    Affected Products : wndr3700_firmware wndr3700
    • Published: Feb. 15, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7679

    In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution....

    Affected Products : casperjs
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-5482

    A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by u...

    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7714

    All versions of package confucious are vulnerable to Prototype Pollution via the set function....

    Affected Products : confucious
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-3311

    An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only rele...

    Affected Products : october
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7727

    All versions of package gedi are vulnerable to Prototype Pollution via the set function....

    Affected Products : gedi
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-23769

    Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability such as stealing account, through remote code execution....

    Affected Products : windows reversewall-mds
    • Published: Oct. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-30885

    The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2....

    Affected Products : pyesasky
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-0788

    Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. ...

    Affected Products : phpmyfaq
    • Published: Feb. 12, 2023
    • Modified: Mar. 21, 2025
  • 9.8

    CRITICAL
    CVE-2023-4214

    The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit....

    Affected Products : apppresser
    • Published: Nov. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7808

    In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it....

    • Published: May 21, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24326

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function....

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-34934

    A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter....

    • Published: May 23, 2024
    • Modified: Mar. 25, 2025
  • 9.8

    CRITICAL
    CVE-2023-42283

    Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query....

    Affected Products : tyk
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-50713

    SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php....

    Affected Products : smart_agent
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025
  • 9.8

    CRITICAL
    CVE-2021-33318

    An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the intern...

    Affected Products : ipmatcher watsonwebserver
    • Published: May 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24496

    An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components....

    Affected Products : daily_habit_tracker
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-42494

    EisBaer Scada - CWE-749: Exposed Dangerous Method or Function...

    Affected Products : eisbaer_scada
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-2662

    Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device....

    Affected Products : portbloque_s_firmware portbloque_s
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10723

    Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql....

    Affected Products : directus directus
    • Published: May 05, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294289 Results