Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-35987

    PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. ... Read more

    Affected Products : m-bus_900s_firmware m-bus_900s
    • EPSS Score: %0.09
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46255

    An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new conten... Read more

    Affected Products : enterprise_server
    • EPSS Score: %4.38
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-46326

    Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.12
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-36559

    Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi.... Read more

    • EPSS Score: %1.17
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0090

    The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non... Read more

    Affected Products : enterprise_protection
    • EPSS Score: %0.29
    • Published: Mar. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3576

    inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in ... Read more

    Affected Products : inxedu
    • EPSS Score: %0.26
    • Published: Jan. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46591

    TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • EPSS Score: %0.12
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-4681

    The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.... Read more

    Affected Products : hide_my_wp
    • EPSS Score: %3.62
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-4693

    The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is ... Read more

    Affected Products : user_verification
    • EPSS Score: %2.49
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2021-39377

    A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through the index.php username parameter.... Read more

    Affected Products : opensis
    • EPSS Score: %7.00
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3689

    A vulnerability classified as critical was found in Bylancer QuickQR 6.3.7. Affected by this vulnerability is an unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The... Read more

    Affected Products : quickqr
    • EPSS Score: %0.04
    • Published: Jul. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0580

    Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the service... Read more

    Affected Products : my_control_system
    • EPSS Score: %0.21
    • Published: Apr. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47420

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.... Read more

    Affected Products : accessibility_suite_by_online_ada
    • EPSS Score: %0.22
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3725

    Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem... Read more

    Affected Products : zephyr
    • EPSS Score: %0.56
    • Published: Oct. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3694

    A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location ... Read more

    Affected Products : house_rental_and_property_listing
    • EPSS Score: %0.05
    • Published: Jul. 17, 2023
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-47635

    Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php.... Read more

    Affected Products : wms
    • EPSS Score: %0.08
    • Published: Dec. 21, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-3827

    A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The atta... Read more

    Affected Products : centreon
    • EPSS Score: %0.04
    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47860

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.... Read more

    Affected Products : lead_management_system
    • EPSS Score: %0.07
    • Published: Jan. 11, 2023
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-47949

    The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffer overflow, aka ENLBufferPwn. The victim must join a ga... Read more

    • EPSS Score: %52.58
    • Published: Dec. 24, 2022
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-48122

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %1.45
    • Published: Jan. 20, 2023
    • Modified: Apr. 03, 2025
Showing 20 of 291737 Results