Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-50090

    Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.... Read more

    Affected Products : ureport2
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-49665

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    Affected Products : billing_software billing_system
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49689

    Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    Affected Products : job_portal
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34268

    An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.... Read more

    Affected Products : worldserver
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-0870

    The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.... Read more

    Affected Products : ffmpeg
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000194

    October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.... Read more

    Affected Products : october
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-14564

    An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.... Read more

    Affected Products : thulac
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14579

    GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive inform... Read more

    Affected Products : golemcms
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-33434

    An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` str... Read more

    Affected Products :
    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3921

    The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE... Read more

    Affected Products : listingo
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-37832

    Mutiny 7.2.0-10788 suffers from Hardcoded root password.... Read more

    Affected Products : mutiny
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 9.8

    CRITICAL
    CVE-2018-14728

    upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.... Read more

    Affected Products : responsive_filemanager
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9142

    External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.This issue affects e-Belediye: before 2.0.642.... Read more

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Oct. 14, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002009

    Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.... Read more

    Affected Products : membership_simplified
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2019-16722

    ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.... Read more

    Affected Products : zzzphp
    • Published: Sep. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0781

    A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack ... Read more

    Affected Products : canteen_management_system
    • Published: Feb. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-3206

    The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potential... Read more

    Affected Products : flamingo
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20700

    Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlie... Read more

    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26249

    Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.... Read more

    Affected Products : surveyking
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23403

    All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.... Read more

    Affected Products : ts-nodash
    • Published: Jul. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294274 Results