Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-40759

    User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid ... Read more

    Affected Products : restaurant_booking_script
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25139

    njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.... Read more

    Affected Products : njs
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40834

    OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.... Read more

    Affected Products : opencart
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40897

    Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.... Read more

    Affected Products : ac8v4_firmware ac8v4
    • Published: Aug. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2272

    A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to ... Read more

    Affected Products : online_bookstore_website
    • Published: Mar. 08, 2024
    • Modified: Mar. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-2281

    A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access ... Read more

    Affected Products : automated-mess-management-system
    • Published: Mar. 08, 2024
    • Modified: Mar. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-41009

    File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.... Read more

    Affected Products : bolo-solo
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2776

    A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifi... Read more

    • Published: May. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30280

    Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.... Read more

    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2020-6835

    An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.... Read more

    Affected Products : bftpd
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12017

    A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influ... Read more

    Affected Products : mapr
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24331

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-47189

    Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.... Read more

    • Published: Jun. 04, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-29981

    Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete.... Read more

    Affected Products : simple_client_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32531

    OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.... Read more

    Affected Products : xevo
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46413

    TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-30053

    In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.... Read more

    • Published: May. 17, 2022
    • Modified: Feb. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-46435

    Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.... Read more

    • Published: Oct. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2699

    A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler.... Read more

    Affected Products : lost_and_found_information_system
    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45462

    Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher... Read more

    Affected Products : dolphinscheduler
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 293508 Results