Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-30495

    In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.36
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-30476

    Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.39
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34601

    H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm.... Read more

    Affected Products : magic_r200_firmware magic_r200
    • EPSS Score: %0.44
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34613

    Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.... Read more

    Affected Products : mealie mealie
    • EPSS Score: %1.77
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10292

    A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be init... Read more

    Affected Products : zzcms
    • Published: Oct. 23, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2022-35150

    Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.... Read more

    Affected Products : baijiacms
    • EPSS Score: %0.42
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35153

    FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.... Read more

    Affected Products : fusionpbx
    • EPSS Score: %5.32
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36695

    Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin.... Read more

    • EPSS Score: %0.32
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36709

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php.... Read more

    Affected Products : library_management_system
    • EPSS Score: %0.11
    • Published: Aug. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36749

    RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file.... Read more

    Affected Products : rpi-jukebox-rfid
    • EPSS Score: %10.20
    • Published: Aug. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37617

    Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.... Read more

    Affected Products : browserify-shim
    • EPSS Score: %0.11
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37813

    Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.44
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9005

    IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.... Read more

    • EPSS Score: %0.49
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-3681

    Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code.... Read more

    Affected Products : -
    • EPSS Score: %0.24
    • Published: Jul. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36683

    Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.... Read more

    Affected Products : simple_task_scheduling_system
    • EPSS Score: %0.32
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12071

    A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.... Read more

    Affected Products : codeigniter
    • EPSS Score: %0.42
    • Published: Jun. 17, 2018
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-42171

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-38309

    Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.17
    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38314

    Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.19
    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-35296

    An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.... Read more

    Affected Products : hg150-ub_firmware hg150-ub
    • EPSS Score: %0.40
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291736 Results