Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-10734

    ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.... Read more

    Affected Products : projectsend
    • EPSS Score: %0.35
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38727

    FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items... Read more

    Affected Products : fuel_cms
    • EPSS Score: %1.24
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49621

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete co... Read more

    Affected Products : simatic_cn_4100
    • EPSS Score: %0.15
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14095

    In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.... Read more

    Affected Products : xiaomi_r3600_firmware xiaomi_r3600
    • EPSS Score: %2.22
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49236

    A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback functio... Read more

    Affected Products : tv-ip1314pi_firmware tv-ip1314pi
    • EPSS Score: %0.27
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-49633

    Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    Affected Products : billing_software billing_system
    • EPSS Score: %0.07
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-21401

    In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • EPSS Score: %0.10
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50035

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.... Read more

    Affected Products : small_crm
    • EPSS Score: %0.07
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50147

    There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.... Read more

    Affected Products : a3700r_firmware a3700r
    • EPSS Score: %1.19
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51017

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi.... Read more

    Affected Products : ex1800t_firmware ex1800t
    • EPSS Score: %0.29
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48716

    Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.... Read more

    • EPSS Score: %0.15
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14440

    An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter.... Read more

    Affected Products : ssh_companywebsite
    • EPSS Score: %0.26
    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6558

    A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be execute... Read more

    • EPSS Score: %4.24
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000219

    npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user... Read more

    Affected Products : windows-cpu
    • EPSS Score: %3.34
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-18362

    ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download a... Read more

    Affected Products : manageditsync
    • Actively Exploited
    • EPSS Score: %49.18
    • Published: Feb. 05, 2019
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-14501

    manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.... Read more

    Affected Products : joyplus-cms joyplus-cms
    • EPSS Score: %0.26
    • Published: Jul. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18531

    text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote at... Read more

    Affected Products : kaptcha
    • EPSS Score: %0.36
    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14515

    A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.51
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10231

    Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).... Read more

    • EPSS Score: %0.31
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10232

    Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.... Read more

    • EPSS Score: %85.86
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291793 Results