Latest CVE Feed
-
9.8
CRITICAL CVE-2024-8579
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is pos...
- Published: Sep. 08, 2024
- Modified: Sep. 10, 2024
-
9.8
CRITICAL CVE-2024-8450
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.
- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
9.8
CRITICAL CVE-2024-36736
An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.
- Affected Products: oneflow
- Published: Jun. 06, 2024
- Modified: Mar. 25, 2025
-
9.8
CRITICAL CVE-2023-7159
A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted uplo...
- Affected Products: masterlab
- EPSS Score: 0.11%
- Published: Dec. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27817
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
- Affected Products: shopxo
- EPSS Score: 1.30%
- Published: Mar. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-36782
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- Published: Jun. 03, 2024
- Modified: May. 30, 2025
-
9.8
CRITICAL CVE-2023-31475
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size o...
- Affected Products: gl-e750_firmware gl-mt3000_firmware gl-mt1300_firmware gl-mt300n-v2_firmware gl-ar750s_firmware gl-ar750_firmware gl-ar300m_firmware gl-b1300_firmware gl-a1300_firmware gl-ax1800_firmware +54 more products
- EPSS Score: 26.75%
- Published: May. 11, 2023
- Modified: Jan. 27, 2025
-
9.8
CRITICAL CVE-2024-9080
A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possibl...
- Affected Products: student_record_system
- Published: Sep. 22, 2024
- Modified: Sep. 26, 2024
-
9.8
CRITICAL CVE-2024-40425
File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.
- Affected Products: sparkshop
- Published: Jul. 16, 2024
- Modified: Apr. 28, 2025
-
9.8
CRITICAL CVE-2024-9108
The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticate...
- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
9.8
CRITICAL CVE-2023-7248
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue...
- Affected Products: vertica
- Published: Mar. 15, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-30806
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/...
- Affected Products: next-gen_application_firewall
- EPSS Score: 17.04%
- Published: Oct. 10, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2025-6407
A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /user-login.php. The manipulation of the argument Username leads to sql injection. It is possible to ...
- Affected Products: online_hospital_management_system
- Published: Jun. 21, 2025
- Modified: Jun. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2024-3495
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
- Published: May. 22, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2025-27909
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
- Affected Products: concert
- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICAL CVE-2025-1113
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be in...
- Affected Products: tarzan-cms
- Published: Feb. 07, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICAL CVE-2025-53763
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
- Affected Products: office_purview_data_governance
- Published: Aug. 21, 2025
- Modified: Aug. 22, 2025
- Vuln Type: Authorization
-
9.8
CRITICAL CVE-2025-32010
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability.
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2025-31355
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vu...
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authentication
-
9.8
CRITICAL CVE-2025-9187
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...
- Published: Aug. 19, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Memory Corruption