Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-41408

    Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.... Read more

    Affected Products : online_pet_shop_we_app
    • Published: Oct. 12, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-26496

    An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Memory corruption can occur due to improper checking of the parameter length while parsing the fmtp attribu... Read more

    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36267

    In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of ... Read more

    Affected Products : airspot_5410_firmware airspot_5410
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26865

    SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component.... Read more

    Affected Products : bdroppy
    • Published: Apr. 24, 2023
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-41688

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authenticat... Read more

    Affected Products : infrasuite_device_master
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27015

    Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 07, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-26999

    An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.... Read more

    Affected Products : ngeniusone
    • Published: Jan. 09, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-27041

    School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at/bilal final/edit_user.php.... Read more

    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-27021

    Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 07, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-27052

    E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php.... Read more

    Affected Products : moosikay
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2020-21806

    SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php..... Read more

    Affected Products : ectouch
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41840

    Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.... Read more

    • Published: Nov. 18, 2022
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-36727

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php.... Read more

    Affected Products : library_management_system
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36734

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.... Read more

    Affected Products : library_management_system
    • Published: Aug. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41991

    A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to tri... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42165

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-27720

    D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.... Read more

    Affected Products : dir-878_firmware dir-878
    • Published: Apr. 09, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-42168

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-27849

    rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.... Read more

    Affected Products : rails-routes-to-json
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-37070

    H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.... Read more

    Affected Products : gr-1200w_firmware gr-1200w
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294267 Results