Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-21235

    The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform ... Read more

    Affected Products : vcs
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8643

    CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..... Read more

    Affected Products : macos mac_os_x
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-37782

    An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.... Read more

    Affected Products : centrestack
    • Published: Nov. 22, 2024
    • Modified: Nov. 27, 2024

  • 9.8

    CRITICAL
    CVE-2025-3800

    A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The... Read more

    Affected Products : wcms
    • Published: Apr. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-10998

    A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection.... Read more

    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2025-32985

    NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.... Read more

    Affected Products : ngeniusone
    • Published: Apr. 25, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-33294

    An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not p... Read more

    Affected Products : kaios
    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11074

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack ... Read more

    Affected Products : tailoring_management_system
    • Published: Nov. 11, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2022-25748

    Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IO... Read more

    • Published: Oct. 19, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-4299

    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. Th... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-24714

    The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.... Read more

    Affected Products : scalyr_agent
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-3963

    A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component Background Interface. The manipulation leads to missing... Read more

    Affected Products : books-management-system
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2022-44928

    D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.... Read more

    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-41925

    The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.... Read more

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2022-44196

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44184

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44201

    D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-43849

    Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_a and cpkt_b variables take user input (e.g. a path to a model) and pass it to the merge f... Read more

    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2022-25890

    All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. ... Read more

    Affected Products : wifey
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-44894

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parameter in the web_radiusSrv_dftParam_post function.... Read more

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 294283 Results