Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-1064

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection.This issue affects Weighbridge Automation Software: before 1.1. ... Read more

    Affected Products : weighbridge_automation_software
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1112

    A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to rela... Read more

    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48511

    Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48021

    A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server.... Read more

    Affected Products : zammad
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-3798

    A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /App_Resource/UEditor/server/upload.aspx. The manipulation of the argument fil... Read more

    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1303

    A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload... Read more

    Affected Products : ucms
    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3810

    A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointme... Read more

    Affected Products : hospital_management_system
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4890

    A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb of the component Cookie Handler. The manipulation leads ... Read more

    Affected Products : predictapp
    • Published: Jan. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1740

    A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/user/manage_user.php of the component GET Parameter Handler. The manipulation of the argumen... Read more

    Affected Products : air_cargo_management_system
    • Published: Mar. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25782

    An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming messag... Read more

    Affected Products : 720p_firmware 720p
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1908

    A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation ... Read more

    Affected Products : simple_mobile_comparison_website
    • Published: Apr. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4933

    A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection... Read more

    • Published: Mar. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37999

    Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.... Read more

    Affected Products : ht_mega
    • Published: May. 17, 2024
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2021-40870

    An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.... Read more

    Affected Products : controller
    • Actively Exploited
    • Published: Sep. 13, 2021
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-4963

    A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the compo... Read more

    Affected Products : spring_module_core
    • Published: Mar. 21, 2024
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-39666

    D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters.... Read more

    Affected Products : dir-842_firmware dir-842
    • Published: Aug. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40041

    TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.... Read more

    Affected Products : t10_v2_firmware t10_v2
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-20873

    In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x user... Read more

    Affected Products : spring_boot
    • Published: Apr. 20, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-40266

    An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.... Read more

    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-2106

    Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.... Read more

    Affected Products : calibre-web calibre-web
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025
Showing 20 of 293566 Results