Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-17377

    SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.... Read more

    Affected Products : questions
    • EPSS Score: %2.64
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-32318

    Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function.... Read more

    Affected Products : ac500_firmware ac500
    • Published: Apr. 17, 2024
    • Modified: Mar. 17, 2025

  • 9.8

    CRITICAL
    CVE-2018-17777

    An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. T... Read more

    Affected Products : dva-5592_firmware dva-5592
    • EPSS Score: %0.47
    • Published: Dec. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20378

    Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2269

    The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection... Read more

    Affected Products : website_file_changes_monitor
    • EPSS Score: %0.52
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20384

    Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19415

    Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.... Read more

    Affected Products : plikli_cms
    • EPSS Score: %0.53
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37163

    Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier f... Read more

    Affected Products : ihatetobudget
    • EPSS Score: %0.05
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37265

    Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.... Read more

    Affected Products : steal
    • EPSS Score: %0.14
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-1788

    Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.... Read more

    Affected Products : firefly_iii
    • EPSS Score: %0.07
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41193

    wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has be... Read more

    Affected Products : wire-audio_video_signaling
    • EPSS Score: %1.55
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1753

    Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. ... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.06
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9259

    In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce upd... Read more

    Affected Products : notary
    • EPSS Score: %0.61
    • Published: Mar. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1791

    A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injecti... Read more

    Affected Products : simple_task_allocation_system
    • EPSS Score: %0.05
    • Published: Apr. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43350

    An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.... Read more

    Affected Products : traffic_control
    • EPSS Score: %2.86
    • Published: Nov. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12819

    Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.... Read more

    Affected Products : sentinel_ldk_rte_firmware
    • EPSS Score: %0.39
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-9471

    The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.... Read more

    Affected Products : zoomsounds
    • EPSS Score: %5.00
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-5170

    The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.... Read more

    Affected Products : storage_api
    • EPSS Score: %8.27
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11773

    Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implem... Read more

    Affected Products : virtual_computing_lab
    • EPSS Score: %0.88
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2003-1233

    Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.15
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 291728 Results