Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-21307

    Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in version... Read more

    Affected Products : lucee_server
    • EPSS Score: %92.21
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29423

    Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.... Read more

    Affected Products : countdown_builder
    • EPSS Score: %0.46
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40615

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.... Read more

    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45720

    IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function.... Read more

    Affected Products : m50_firmware m50
    • EPSS Score: %0.12
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-40864

    Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • EPSS Score: %0.17
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-40865

    Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • EPSS Score: %0.18
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2021-45986

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: %2.08
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46502

    Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.... Read more

    Affected Products : online_student_enrollment_system
    • EPSS Score: %2.89
    • Published: Jan. 13, 2023
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-31458

    A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial instal... Read more

    Affected Products : mivoice_connect
    • EPSS Score: %0.27
    • Published: May. 24, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-31541

    A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.... Read more

    Affected Products : ckeditor
    • EPSS Score: %4.21
    • Published: Jun. 13, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-47117

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • EPSS Score: %0.12
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-42039

    The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-lists
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-32336

    IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.... Read more

    • EPSS Score: %0.19
    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47853

    TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %1.45
    • Published: Jan. 17, 2023
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-3237

    A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to t... Read more

    Affected Products : otcms
    • EPSS Score: %0.07
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48255

    There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.... Read more

    Affected Products : bisheng-wnm_firmware bisheng-wnm
    • EPSS Score: %1.67
    • Published: Feb. 27, 2023
    • Modified: Mar. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-42744

    CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.... Read more

    Affected Products : candidats
    • EPSS Score: %0.35
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-4855

    A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch th... Read more

    Affected Products : lead_management_system
    • EPSS Score: %2.68
    • Published: Dec. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46013

    An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_... Read more

    Affected Products : free_school_management_software
    • EPSS Score: %2.40
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24987

    Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the ad... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %2.65
    • Published: Sep. 04, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292727 Results