Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-26042

    An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php... Read more

    Affected Products : hoosk
    • EPSS Score: %0.26
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45390

    @blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrus... Read more

    Affected Products : template
    • Published: Sep. 03, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2025-44148

    Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component... Read more

    Affected Products : mailenable
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2022-46493

    Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.... Read more

    Affected Products : nbnbk
    • EPSS Score: %0.09
    • Published: Dec. 22, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-46585

    TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • EPSS Score: %0.12
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2019-10522

    While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearabl... Read more

    • EPSS Score: %0.44
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46732

    Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.... Read more

    Affected Products : proficy_historian
    • EPSS Score: %0.33
    • Published: Jan. 18, 2023
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-41637

    An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.... Read more

    Affected Products : realgimm
    • EPSS Score: %0.44
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37146

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %1.45
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1737

    A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible ... Read more

    • EPSS Score: %0.04
    • Published: Mar. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41790

    Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pando... Read more

    Affected Products : pandora_fms
    • EPSS Score: %0.14
    • Published: Nov. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4182

    A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initi... Read more

    • EPSS Score: %0.05
    • Published: Aug. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-46612

    IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.... Read more

    Affected Products : icecms icecms
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-27143

    Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vu... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42556

    Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.... Read more

    Affected Products : hotel_management_system
    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-41875

    Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6.... Read more

    Affected Products : wp_directory_kit
    • Published: Dec. 13, 2024
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-42639

    H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.... Read more

    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-23358

    EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.... Read more

    Affected Products : easycms
    • EPSS Score: %0.26
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42783

    Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-42813

    In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execu... Read more

    Affected Products : tew-752dru_firmware tew-752dru
    • Published: Aug. 19, 2024
    • Modified: Apr. 01, 2025
Showing 20 of 292316 Results