Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-44193

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.... Read more

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: %0.39
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-33000

    The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges... Read more

    Affected Products : ml-scanner
    • EPSS Score: %0.42
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33004

    The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : beginner
    • EPSS Score: %0.70
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40471

    Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php... Read more

    • EPSS Score: %88.95
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-1269

    Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.... Read more

    Affected Products : easyappointments
    • EPSS Score: %0.37
    • Published: Mar. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9582

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : magento
    • EPSS Score: %3.23
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33174

    Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_pa... Read more

    • EPSS Score: %81.72
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4473

    A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a craf... Read more

    • EPSS Score: %39.94
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24781

    Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.... Read more

    Affected Products : funadmin
    • EPSS Score: %0.07
    • Published: Mar. 07, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-44807

    D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.... Read more

    Affected Products : dir-820l_firmware dir-820l
    • EPSS Score: %3.25
    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-38996

    ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrar... Read more

    Affected Products : ag-grid
    • Published: Jul. 01, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-28956

    An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.... Read more

    Affected Products : dir-816l_firmware dir-816l
    • EPSS Score: %40.91
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36880

    Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.... Read more

    Affected Products : ulisting
    • EPSS Score: %3.56
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33234

    Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more

    • EPSS Score: %0.10
    • Published: Nov. 15, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-29432

    Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.... Read more

    Affected Products : alldata
    • Published: Apr. 02, 2024
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2018-12993

    onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields.... Read more

    Affected Products : onefilecms
    • EPSS Score: %0.52
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33256

    Memory corruption due to improper validation of array index in Multi-mode call processor.... Read more

    • EPSS Score: %0.09
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-4958

    IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 192209.... Read more

    • EPSS Score: %0.47
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-35350

    A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument id can result in SQL injection.... Read more

    Affected Products : dino_physics_school_assistant
    • Published: May. 30, 2024
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-1591

    A vulnerability classified as critical has been found in SourceCodester Automatic Question Paper Generator System 1.0. This affects an unknown part of the file classes/Users.php?f=save_ruser. The manipulation of the argument id/email leads to sql injectio... Read more

    • EPSS Score: %0.04
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292247 Results