Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-44556

    Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2021-30192

    CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.... Read more

    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-44563

    Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-44852

    Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2021-30231

    The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter.... Read more

    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48384

    ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database... Read more

    Affected Products : spamtrap
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41116

    streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval(... Read more

    Affected Products : streamlit-geospatial
    • Published: Jul. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34249

    wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c.... Read more

    Affected Products : wasm3
    • Published: May. 06, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2025-26008

    In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Mar. 26, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-34257

    TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.... Read more

    Affected Products : ex1800t_firmware ex1800t
    • Published: May. 08, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-22204

    Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability.... Read more

    Affected Products : sourcerer
    • Published: Feb. 04, 2025
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-27270

    InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet.... Read more

    Affected Products : inrouter_900_firmware inrouter_900
    • Published: Apr. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27276

    InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet.... Read more

    Affected Products : inrouter_900_firmware inrouter_900
    • Published: Apr. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32270

    In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting cou... Read more

    Affected Products : realplayer
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41369

    RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php... Read more

    Affected Products : phoniebox
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-45233

    An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the confi... Read more

    Affected Products : typo3 powermail
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-45251

    Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 9.8

    CRITICAL
    CVE-2022-46316

    A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 20, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-37847

    novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.... Read more

    Affected Products : novel-plus novel-plus novel-plus
    • Published: Aug. 14, 2023
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-31746

    There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.... Read more

    • Published: Jun. 14, 2023
    • Modified: Aug. 01, 2025
Showing 20 of 293493 Results