Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-3688

    Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdra... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36672

    Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.... Read more

    Affected Products : novel-plus
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9752

    Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.... Read more

    Affected Products : cloud_explorer
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0556

    The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (... Read more

    Affected Products : contentstudio
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37096

    H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6.... Read more

    Affected Products : h200_firmware h200
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47115

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-31335

    Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.... Read more

    Affected Products : online_ordering_system
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29696

    H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set.... Read more

    Affected Products : gr-1200w_firmware gr-1200w
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-44273

    Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.... Read more

    Affected Products : gnark-crypto
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4450

    A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched ... Read more

    Affected Products : jimureport
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5163

    Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.... Read more

    Affected Products : carlcare carlcare
    • Published: Jun. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5719

    The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid va... Read more

    Affected Products : crimson da50a da70a
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4324

    Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers... Read more

    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48694

    Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS US... Read more

    Affected Products : azure_rtos_usbx
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48698

    Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected co... Read more

    Affected Products : azure_rtos_usbx
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40428

    The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.... Read more

    Affected Products : d8s_mpeg
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9989

    The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due a to limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. ... Read more

    Affected Products : crypto_tool
    • Published: Oct. 29, 2024
    • Modified: Nov. 07, 2024

  • 9.8

    CRITICAL
    CVE-2022-28023

    Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.... Read more

    Affected Products : purchase_order_management_system
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35324

    A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.... Read more

    Affected Products : a720r_firmware a720r
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-46535

    Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.... Read more

    Affected Products : jepaas
    • Published: Oct. 14, 2024
    • Modified: Jul. 03, 2025
Showing 20 of 294267 Results