Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-17674

    BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery ... Read more

    Affected Products : remedy_mid-tier
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10643

    Contao 4.7 allows Use of a Key Past its Expiration Date.... Read more

    Affected Products : contao contao_cms
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16168

    LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors.... Read more

    Affected Products : logontracer
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34880

    cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion.... Read more

    Affected Products : cmseasy
    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-0701

    In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privile... Read more

    Affected Products : android
    • Published: Jun. 15, 2023
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2019-17275

    OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.... Read more

    Affected Products : oncommand_cloud_manager
    • Published: Feb. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3000

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602. ... Read more

    Affected Products : energy_monitoring
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24627

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.... Read more

    Affected Products : device_manager_express
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-26232

    SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php.... Read more

    Affected Products : simple_college_website
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12898

    Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.... Read more

    Affected Products : devicenet_builder
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22884

    Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.... Read more

    Affected Products : espruino
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23412

    All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.... Read more

    Affected Products : gitlogplus
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-20601

    An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.... Read more

    Affected Products : thinkcmf
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14502

    controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.... Read more

    Affected Products : chained_quiz
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51656

    Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.... Read more

    Affected Products : iotdb
    • Published: Dec. 21, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-35898

    OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.... Read more

    Affected Products : bizmanager
    • Published: May. 01, 2023
    • Modified: Jan. 30, 2025

  • 9.8

    CRITICAL
    CVE-2020-17485

    A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources... Read more

    Affected Products : gps_tracker
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-23315

    The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call ... Read more

    Affected Products : stripe_payment_pro
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-47254

    An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.... Read more

    Affected Products : vigor167_firmware vigor167
    • Published: Dec. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48424

    U-Boot shell vulnerability resulting in Privilege escalation in a production device... Read more

    Affected Products : android chromecast_firmware chromecast
    • Published: Dec. 11, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293333 Results