Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2024-37642

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck ....

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025
  • 8.8

    HIGH
    CVE-2024-37643

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth ....

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025
  • 8.8

    HIGH
    CVE-2024-37645

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog ....

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-38902

    H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root....

    Affected Products : magic_r230_firmware magic_r230
    • Published: Jun. 24, 2024
    • Modified: May. 27, 2025
  • 8.8

    HIGH
    CVE-2024-31374

    Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. ...

    Affected Products : apppresser
    • Published: Apr. 15, 2024
    • Modified: May. 27, 2025
  • 4.1

    MEDIUM
    CVE-2024-38903

    H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands....

    Affected Products : magic_r230_firmware magic_r230
    • Published: Jun. 24, 2024
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-42637

    H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root....

    Affected Products : r3010_firmware r3010
    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025
  • 8.0

    HIGH
    CVE-2025-5100

    A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution....

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
  • 5.9

    MEDIUM
    CVE-2025-26466

    A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client m...

    • Published: Feb. 28, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2023-50456

    An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name....

    Affected Products : zammad
    • Published: Dec. 10, 2023
    • Modified: May. 27, 2025
  • 5.4

    MEDIUM
    CVE-2023-49485

    JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department....

    Affected Products : jfinalcms
    • Published: Dec. 08, 2023
    • Modified: May. 27, 2025
  • 6.1

    MEDIUM
    CVE-2023-48928

    Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL....

    Affected Products : system_sentinel_anyware
    • Published: Dec. 08, 2023
    • Modified: May. 27, 2025
  • 7.8

    HIGH
    CVE-2023-48421

    In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no ad...

    Affected Products : android
    • Published: Dec. 08, 2023
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2023-46932

    Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box....

    Affected Products : gpac
    • Published: Dec. 09, 2023
    • Modified: May. 27, 2025
  • 6.1

    MEDIUM
    CVE-2023-46494

    Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx....

    Affected Products : evershop
    • Published: Dec. 08, 2023
    • Modified: May. 27, 2025
  • 8.8

    HIGH
    CVE-2023-43743

    A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database ...

    • Published: Dec. 08, 2023
    • Modified: May. 27, 2025
  • 7.2

    HIGH
    CVE-2022-40935

    Online Pet Shop Web App v1.0 is vulnerable to SQL Injection via /pet_shop/classes/Master.php?f=delete_category,id....

    Affected Products : online_pet_shop_web_application
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 7.2

    HIGH
    CVE-2022-40934

    Online Pet Shop Web App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_sub_category,id...

    Affected Products : online_pet_shop_web_application
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 7.2

    HIGH
    CVE-2022-40933

    Online Pet Shop Web App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id....

    Affected Products : online_pet_shop_web_application
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
  • 7.2

    HIGH
    CVE-2022-40932

    In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system....

    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
Showing 20 of 293309 Results