Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2023-40485

    Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit th... Read more

    Affected Products : cinema_4d
    • Published: May. 03, 2024
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2023-40487

    Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : cinema_4d
    • Published: May. 03, 2024
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2023-40488

    Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : cinema_4d
    • Published: May. 03, 2024
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2023-40489

    Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : cinema_4d
    • Published: May. 03, 2024
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2024-31268

    Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. ... Read more

    Affected Products : apppresser
    • Published: Apr. 12, 2024
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2023-44856

    Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub_21D24 function in the acu_web file.... Read more

    • Published: Apr. 12, 2024
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2025-4891

    A vulnerability was found in code-projects Police Station Management System 1.0. It has been classified as critical. Affected is the function criminal::display of the file source.cpp of the component Display Record. The manipulation of the argument N lead... Read more

    • Published: May. 18, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-5107

    A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to sql injection. The attack can be initia... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2023-5907

    The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, wher... Read more

    Affected Products : file_manager
    • Published: Dec. 11, 2023
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-49417

    TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.... Read more

    Affected Products : a7000r_firmware a7000r
    • Published: Dec. 11, 2023
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-48425

    U-Boot vulnerability resulting in persistent Code Execution ... Read more

    Affected Products : android chromecast_firmware chromecast
    • Published: Dec. 11, 2023
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2023-42908

    Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2023-42884

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory.... Read more

    Affected Products : macos iphone_os tvos ipados
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-41117

    An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFI... Read more

    Affected Products : postgres_advanced_server
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2023-36652

    A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter.... Read more

    Affected Products : cryptospike
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2023-28465

    The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen ... Read more

    Affected Products : hl7_fhir_core
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-41320

    Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a net... Read more

    Affected Products : system_recovery
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2022-41319

    A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).... Read more

    Affected Products : desktop_and_laptop_option
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-40869

    Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-40865

    Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025
Showing 20 of 292837 Results