Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-21749

    ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.... Read more

    Affected Products : mf971r_firmware mf971r
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2523

    A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestric... Read more

    Affected Products : e-office e-office
    • Published: May. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33443

    Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints.... Read more

    Affected Products : videoplaytool bes--6024pb-i50h1
    • Published: Jun. 08, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-44000

    An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.... Read more

    Affected Products : backclick
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-44054

    The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1... Read more

    Affected Products : d8s-xml
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44139

    Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.... Read more

    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44172

    Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44204

    D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.... Read more

    Affected Products : dir-3060_firmware dir-3060
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-44087

    ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.... Read more

    Affected Products : espcms
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44354

    SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.... Read more

    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-34606

    H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditvsList parameter at /dotrace.asp.... Read more

    Affected Products : magic_r200_firmware magic_r200
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44399

    Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.... Read more

    Affected Products : poultry_farm_management_system
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2021-42885

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4454

    A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql i... Read more

    Affected Products : bible-online
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33966

    Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-ne... Read more

    Affected Products : deno deno_runtime
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44832

    D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.... Read more

    Affected Products : dir-3040_firmware dir-3040
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-44804

    D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.... Read more

    Affected Products : dir-882_firmware dir-882
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-34563

    netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.... Read more

    Affected Products : r6250_firmware r6250
    • Published: Jun. 20, 2023
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-34548

    Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.... Read more

    • Published: Jun. 16, 2023
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2023-34577

    SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.... Read more

    Affected Products : planned_popup
    • Published: Sep. 21, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293605 Results