Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-34053

    The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : dr-web-engine
    • EPSS Score: %0.70
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5986

    SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.... Read more

    Affected Products : easycarscript
    • EPSS Score: %1.08
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39180

    College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page ... Read more

    Affected Products : college_management_system
    • EPSS Score: %0.07
    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39266

    isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code... Read more

    Affected Products : isolated-vm
    • EPSS Score: %0.05
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12443

    BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a... Read more

    Affected Products : bigbluebutton
    • EPSS Score: %0.85
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34577

    A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : wn535g3_firmware wn535g3
    • EPSS Score: %2.17
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-2552

    Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.... Read more

    Affected Products : collected_information_export
    • EPSS Score: %3.33
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-15921

    Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.... Read more

    Affected Products : eframework
    • EPSS Score: %18.99
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34945

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.... Read more

    Affected Products : pharmacy_management_system
    • EPSS Score: %0.25
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21012

    Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Detail... Read more

    • EPSS Score: %15.19
    • Published: Oct. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21016

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.... Read more

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: %3.98
    • Published: Oct. 31, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-20587

    Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket versions ... Read more

    • EPSS Score: %6.95
    • Published: Feb. 19, 2021
    • Modified: Jun. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-25693

    Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. ... Read more

    • EPSS Score: %0.48
    • Published: Feb. 24, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-25696

    Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. ... Read more

    • EPSS Score: %0.48
    • Published: Feb. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12684

    XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.... Read more

    Affected Products : clear_reports i-net_clear_reports
    • EPSS Score: %0.43
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25805

    versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0.... Read more

    Affected Products : versionn
    • EPSS Score: %0.81
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40624

    pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.... Read more

    Affected Products : pfblockerng
    • EPSS Score: %90.01
    • Published: Dec. 20, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-40628

    This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An un... Read more

    • EPSS Score: %1.49
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19082

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field.... Read more

    • EPSS Score: %1.89
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35524

    WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.... Read more

    • EPSS Score: %5.20
    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291736 Results