Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-36976

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a us...

    Affected Products : avalanche
    • EPSS Score: 2.13%
    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-36981

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe...

    Affected Products : avalanche
    • EPSS Score: 31.60%
    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-27757

    An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.

    Affected Products : perfreeblog
    • EPSS Score: 0.11%
    • Published: Mar. 15, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-27821

    Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter.

    Affected Products : databasir
    • EPSS Score: 1.01%
    • Published: Mar. 28, 2023
    • Modified: Feb. 18, 2025
  • 9.8

    CRITICAL
    CVE-2017-6550

    Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.

    Affected Products : infor-lawson
    • EPSS Score: 3.14%
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-37128

    In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: 13.86%
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-37199

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.

    Affected Products : jfinal_cms
    • EPSS Score: 0.23%
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-37204

    Final CMS 5.1.0 is vulnerable to SQL Injection.

    Affected Products : jfinal_cms
    • EPSS Score: 0.46%
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-37223

    JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.

    Affected Products : jfinal_cms
    • EPSS Score: 0.23%
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-22253

    Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitr...

    • EPSS Score: 0.62%
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-22452

    SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

    Affected Products : phpmyadmin
    • EPSS Score: 2.87%
    • Published: Jan. 26, 2023
    • Modified: Apr. 01, 2025
  • 9.8

    CRITICAL
    CVE-2020-22819

    MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.

    Affected Products : mkcms
    • EPSS Score: 0.07%
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2020-13167

    Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.

    Affected Products : netsweeper
    • EPSS Score: 93.13%
    • Published: May. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-6639

    An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.

    Affected Products : mathtype
    • EPSS Score: 4.24%
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38325

    Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile.

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • EPSS Score: 0.19%
    • Published: Sep. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-28667

    The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function without being sanitized or veri...

    Affected Products : lead_generated
    • EPSS Score: 0.57%
    • Published: Mar. 22, 2023
    • Modified: Feb. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-43762

    Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages ...

    Affected Products : industrial_automation_aprol
    • EPSS Score: 0.21%
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38886

    The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

    Affected Products : d8s-xml
    • EPSS Score: 0.36%
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-23448

    newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

    Affected Products : newbee-mall
    • EPSS Score: 0.40%
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-43976

    An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.

    Affected Products : ms_3000_firmware ms_3000
    • EPSS Score: 0.09%
    • Published: Jan. 17, 2023
    • Modified: Apr. 07, 2025
Showing 20 of 291712 Results