Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-6026

    A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input.... Read more

    Affected Products : phpmemcachedadmin
    • EPSS Score: %1.09
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42537

    Remote code execution... Read more

    Affected Products : android
    • EPSS Score: %2.43
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3631

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123.  NOTE: The vendor ... Read more

    Affected Products : medart_notification_panel
    • EPSS Score: %0.06
    • Published: Nov. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4149

    A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request hand... Read more

    • EPSS Score: %0.32
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24162

    Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.... Read more

    Affected Products : hutool
    • EPSS Score: %0.15
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-48028

    kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.... Read more

    Affected Products : kodbox
    • EPSS Score: %0.30
    • Published: Nov. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45387

    In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`... Read more

    Affected Products : exportproducts
    • EPSS Score: %0.07
    • Published: Nov. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5245

    FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported t... Read more

    Affected Products : mleap
    • EPSS Score: %0.33
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7498

    A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which coul... Read more

    Affected Products : os_loader unity_loader
    • EPSS Score: %0.49
    • Published: Jun. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27843

    SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.... Read more

    Affected Products : ask_for_a_quote
    • EPSS Score: %0.20
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-36193

    SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.... Read more

    • EPSS Score: %1.04
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2018-15520

    Various Lexmark devices have a Buffer Overflow (issue 2 of 2).... Read more

    • EPSS Score: %0.54
    • Published: Jun. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13025

    Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device,... Read more

    Affected Products : ch7465lg_firmware ch7465lg
    • EPSS Score: %10.81
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7614

    npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.... Read more

    Affected Products : npm-programmatic
    • EPSS Score: %1.35
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41403

    flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.... Read more

    Affected Products : flatcore-cms
    • EPSS Score: %0.49
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-11383

    SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.... Read more

    Affected Products : control_manager
    • EPSS Score: %7.24
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2019-0403

    SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.... Read more

    Affected Products : enable_now
    • EPSS Score: %6.68
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22987

    The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.... Read more

    Affected Products : adam-3600_firmware adam-3600
    • EPSS Score: %0.20
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-35080

    An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file.... Read more

    Affected Products : inxedu inxedu
    • Published: May. 23, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-22319

    A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.... Read more

    Affected Products : milesightvpn milesight
    • EPSS Score: %0.02
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291878 Results