Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-13354

    The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6.... Read more

    Affected Products : strong_password
    • EPSS Score: %0.73
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0787

    The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections... Read more

    Affected Products : limit_login_attempts
    • EPSS Score: %44.43
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6333

    The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be c... Read more

    Affected Products : nuclide
    • EPSS Score: %1.12
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2020-36034

    SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.... Read more

    Affected Products : school_faculty_scheduling_system
    • EPSS Score: %1.10
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3693

    A vulnerability classified as critical was found in SourceCodester Life Insurance Management System 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be ini... Read more

    Affected Products : life_insurance_management_system
    • EPSS Score: %0.05
    • Published: Jul. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-3615

    Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Elec... Read more

    • EPSS Score: %0.34
    • Published: Jun. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0789

    Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. ... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %1.44
    • Published: Feb. 12, 2023
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-25525

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2021-34565

    In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.... Read more

    • EPSS Score: %0.35
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-29061

    An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN... Read more

    • EPSS Score: %0.38
    • Published: Nov. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9006

    The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creatio... Read more

    Affected Products : popup_builder
    • EPSS Score: %41.25
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0362

    SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.... Read more

    Affected Products : showdoc
    • EPSS Score: %0.27
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9023

    Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.... Read more

    • EPSS Score: %0.35
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40212

    An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service.... Read more

    Affected Products : potplayer
    • EPSS Score: %1.15
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34622

    A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. ... Read more

    Affected Products : profilepress
    • EPSS Score: %0.74
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-34646

    Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link funct... Read more

    Affected Products : booster_for_woocommerce
    • EPSS Score: %24.00
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0256

    A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Use... Read more

    • EPSS Score: %0.04
    • Published: Jan. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-54923

    A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-3993

    Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. ... Read more

    Affected Products : kavita
    • EPSS Score: %0.78
    • Published: Nov. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26634

    SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these ... Read more

    Affected Products : linux_kernel maxboard
    • EPSS Score: %0.47
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results