Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-41400

    Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL co...

    Affected Products : sage_300
    • EPSS Score: 0.07%
    • Published: Apr. 28, 2023
    • Modified: Jan. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-41443

    phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.

    Affected Products : phpipam
    • EPSS Score: 0.58%
    • Published: Oct. 03, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-41495

    ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.

    Affected Products : clippercms
    • EPSS Score: 0.12%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2023-31457

    A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.

    Affected Products : mivoice_connect
    • EPSS Score: 0.52%
    • Published: May. 24, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2022-46764

    A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

    Affected Products : windows server
    • EPSS Score: 10.70%
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-31587

    Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

    Affected Products : ac5_firmware ac5
    • EPSS Score: 1.92%
    • Published: May. 16, 2023
    • Modified: Jan. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-46954

    Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction.

    • EPSS Score: 0.07%
    • Published: Jan. 13, 2023
    • Modified: Apr. 07, 2025
  • 9.8

    CRITICAL
    CVE-2023-31814

    D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.

    Affected Products : dir-300_firmware dir-300
    • EPSS Score: 0.18%
    • Published: May. 23, 2023
    • Modified: Jan. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-47445

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0.

    Affected Products : be-popia-compliant
    • EPSS Score: 0.21%
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-13814

    An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.

    Affected Products : phantompdf reader
    • EPSS Score: 0.03%
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32227

    Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials

    Affected Products : synergy\/a_firmware synergy\/a
    • EPSS Score: 0.08%
    • Published: Jul. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-42042

    The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.

    Affected Products : d8s-networking
    • EPSS Score: 0.13%
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025
  • 9.8

    CRITICAL
    CVE-2020-13831

    An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).

    Affected Products : android exynos_7570
    • EPSS Score: 0.15%
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-42665

    An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.

    Affected Products : engineers_online_portal
    • EPSS Score: 5.41%
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47862

    Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

    Affected Products : lead_management_system
    • EPSS Score: 0.07%
    • Published: Jan. 11, 2023
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2022-48130

    Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.

    Affected Products : w20e_firmware w20e
    • EPSS Score: 0.13%
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2023-3249

    The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possi...

    • EPSS Score: 0.09%
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-4248

    A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiat...

    Affected Products : movie_ticket_booking_system
    • EPSS Score: 0.04%
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32567

    Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236

    Affected Products : avalanche
    • EPSS Score: 0.37%
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-48284

    A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.

    Affected Products : hilink_ai_life
    • EPSS Score: 0.10%
    • Published: Feb. 27, 2023
    • Modified: Mar. 11, 2025
Showing 20 of 291736 Results