Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-10050

    A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The... Read more

    Affected Products : mirna_database_by_php_mysql
    • EPSS Score: %0.05
    • Published: Jan. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-10062

    A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to addres... Read more

    Affected Products : galaxy
    • EPSS Score: %0.08
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11309

    Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.... Read more

    Affected Products : membermouse
    • EPSS Score: %2.00
    • Published: May. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25190

    l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.... Read more

    Affected Products : l8w8jwt
    • EPSS Score: %0.04
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-10086

    A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remo... Read more

    Affected Products : server-php
    • EPSS Score: %0.04
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27165

    CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus... Read more

    Affected Products : csz_cms
    • EPSS Score: %0.23
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0401

    Path Traversal in NPM w-zip prior to 1.0.12.... Read more

    Affected Products : w-zip
    • EPSS Score: %0.68
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10887

    This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections.... Read more

    • EPSS Score: %0.29
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10921

    This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.e... Read more

    • EPSS Score: %9.47
    • Published: Jul. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35879

    An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut.... Read more

    Affected Products : rulinalg
    • EPSS Score: %0.43
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31784

    A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow att... Read more

    • EPSS Score: %1.67
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36480

    The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client... Read more

    Affected Products : aerospike_java_client
    • EPSS Score: %2.86
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3003

    A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_prices.php of the component GET Parameter Handler. The manipulation of the... Read more

    Affected Products : train_station_ticketing_system
    • EPSS Score: %0.06
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31874

    ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.... Read more

    Affected Products : rt-n53_firmware rt-n53
    • EPSS Score: %19.09
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31951

    Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type.... Read more

    Affected Products : rescue_dispatch_management_system
    • EPSS Score: %0.25
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11482

    /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.... Read more

    • EPSS Score: %0.48
    • Published: May. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25307

    Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."... Read more

    Affected Products : cinema_seat_reservation_system
    • EPSS Score: %0.18
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-43187

    A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.... Read more

    Affected Products : nodebb
    • EPSS Score: %90.55
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-56801

    Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability.... Read more

    Affected Products : tasklists
    • Published: Dec. 30, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-43216

    SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.... Read more

    Affected Products : seacms
    • EPSS Score: %0.36
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results