Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-41566

    The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.... Read more

    Affected Products : tadtools
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3734

    A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initia... Read more

    Affected Products : windows redis
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37173

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-2790

    When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a ... Read more

    Affected Products : ichitaro
    • Published: Feb. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-9761

    An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called.... Read more

    Affected Products : asycuda_world
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34346

    A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of... Read more

    • Published: Sep. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-25449

    An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.... Read more

    Affected Products : android dex
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35131

    Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.... Read more

    Affected Products : cockpit
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51590

    Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-4830

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.This issue affects Signalix: 7T_0228. ... Read more

    Affected Products : signalix
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-54745

    WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2020-10062

    An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.... Read more

    Affected Products : zephyr
    • Published: Jun. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2007-4039

    Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into... Read more

    Affected Products : mozilla
    • Published: Jul. 27, 2007
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2007-5097

    PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because ... Read more

    Affected Products : offl
    • Published: Sep. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2011-2337

    A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.... Read more

    Affected Products : blink
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4121

    The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, dep... Read more

    Affected Products : ruby
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4628

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.... Read more

    Affected Products : typo3
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10105

    admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.... Read more

    Affected Products : piwigo
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-10114

    SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.... Read more

    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-10923

    The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.... Read more

    Affected Products : store_toolkit_for_woocommerce
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293349 Results