Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-16722

    ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.... Read more

    Affected Products : zzzphp
    • Published: Sep. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0781

    A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack ... Read more

    Affected Products : canteen_management_system
    • Published: Feb. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-3206

    The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potential... Read more

    Affected Products : flamingo
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20700

    Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlie... Read more

    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26249

    Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.... Read more

    Affected Products : surveyking
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23403

    All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.... Read more

    Affected Products : ts-nodash
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14485

    OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.... Read more

    Affected Products : openclinic_ga
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16850

    Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.... Read more

    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6873

    Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : hhvm
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-2152

    A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to f... Read more

    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35422

    Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.... Read more

    Affected Products : web_based_quiz_system
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17674

    BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery ... Read more

    Affected Products : remedy_mid-tier
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10643

    Contao 4.7 allows Use of a Key Past its Expiration Date.... Read more

    Affected Products : contao contao_cms
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16168

    LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors.... Read more

    Affected Products : logontracer
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34880

    cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion.... Read more

    Affected Products : cmseasy
    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-0701

    In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privile... Read more

    Affected Products : android
    • Published: Jun. 15, 2023
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2019-17275

    OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.... Read more

    Affected Products : oncommand_cloud_manager
    • Published: Feb. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3000

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602. ... Read more

    Affected Products : energy_monitoring
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24627

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.... Read more

    Affected Products : device_manager_express
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-26232

    SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.... Read more

    Affected Products : simple_college_website
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292786 Results