Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-11967

    In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating ... Read more

    Affected Products : iqrouter_firmware iqrouter
    • EPSS Score: %0.84
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43980

    Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.... Read more

    Affected Products : testsitecreator
    • EPSS Score: %0.16
    • Published: Oct. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44022

    Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.... Read more

    Affected Products : ac10u_firmware ac10u_firmware ac10u
    • EPSS Score: %0.42
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34213

    TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.... Read more

    Affected Products : cp450_firmware cp450
    • Published: May. 14, 2024
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-34989

    In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().'... Read more

    Affected Products : prestashop
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9302

    The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verify_otp_forgot_password() and update_passwo... Read more

    Affected Products : app_builder
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2012-10001

    The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.... Read more

    Affected Products : limit_login_attempts
    • EPSS Score: %0.77
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0935

    A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id le... Read more

    Affected Products : dolphinphp
    • EPSS Score: %0.87
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36161

    Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some ... Read more

    Affected Products : dubbo
    • EPSS Score: %2.73
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12421

    LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a st... Read more

    • EPSS Score: %1.04
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10824

    An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is ... Read more

    • EPSS Score: %44.03
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12043

    The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted.... Read more

    • EPSS Score: %0.25
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12531

    An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.... Read more

    Affected Products : metinfo
    • EPSS Score: %0.99
    • Published: Jun. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9148

    Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for ... Read more

    Affected Products : my_cloud_firmware my_cloud
    • EPSS Score: %5.64
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28420

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.... Read more

    Affected Products : baby_care_system
    • EPSS Score: %0.25
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15986

    CPA Lead Reward Script allows SQL Injection via the username parameter.... Read more

    Affected Products : cpa_lead_reward_script
    • EPSS Score: %1.41
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-36393

    In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.... Read more

    Affected Products : moodle
    • EPSS Score: %11.26
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9247

    The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php... Read more

    Affected Products : gxlcms_qy
    • EPSS Score: %0.99
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12640

    The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.... Read more

    Affected Products : 2864-222_firmware 2864-222
    • EPSS Score: %0.46
    • Published: Jun. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49693

    NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. ... Read more

    Affected Products : prosafe_network_management_system
    • EPSS Score: %0.72
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292247 Results