Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-12149

    SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands.... Read more

    Affected Products : registry restfulserver
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46527

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle.... Read more

    Affected Products : tl-wr886n_firmware tl-wr886n
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46545

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10238

    bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_en... Read more

    Affected Products : bacnet_protocol_stack
    • Published: Apr. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3013

    A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate t... Read more

    Affected Products : simple_task_managing_system
    • Published: Aug. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7095

    Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.... Read more

    Affected Products : exponent_cms
    • Published: Nov. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-4662

    Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9. ... Read more

    Affected Products : connect
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26092

    Liima before 1.17.28 allows server-side template injection.... Read more

    Affected Products : liima
    • Published: Feb. 20, 2023
    • Modified: Mar. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-33329

    Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger ... Read more

    Affected Products : r1510_firmware r1510
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-9558

    Multiple SQL injection vulnerabilities in SmartCMS v.2.... Read more

    Affected Products : smartcms
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-29285

    SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.... Read more

    Affected Products : point_of_sales_in_php\/pdo
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43400

    A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators ... Read more

    Affected Products : siveillance_video_mobile_server
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2019-17184

    Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.... Read more

    • Published: Oct. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-30284

    In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with ar... Read more

    Affected Products : python-libnmap
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10055

    A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the... Read more

    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25688

    Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wea... Read more

    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5432

    The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible f... Read more

    Affected Products : lifeline_donation
    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6300

    Remote password change in Hanwha Techwin Smartcams... Read more

    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38584

    In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. ... Read more

    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36657

    An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.... Read more

    Affected Products : metadefender_kiosk
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293335 Results