Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-22143

    The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SN... Read more

    Affected Products : convict
    • EPSS Score: %0.85
    • Published: May. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27174

    Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score l... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39862

    Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.... Read more

    Affected Products : android dex dynamic_lockscreen
    • EPSS Score: %0.27
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22087

    route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.... Read more

    Affected Products : pico_http_server_in_c
    • EPSS Score: %4.83
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-27438

    Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbi... Read more

    Affected Products : doris
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-27447

    pretix before 2024.1.1 mishandles file validation.... Read more

    Affected Products : pretix
    • Published: Feb. 26, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-27844

    SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component.... Read more

    Affected Products : leurlrewrite
    • EPSS Score: %0.22
    • Published: Apr. 17, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-22729

    NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.... Read more

    Affected Products : mw5360_firmware mw5360
    • EPSS Score: %90.81
    • Published: Jan. 25, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-27853

    NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.... Read more

    Affected Products : rax30_firmware rax30
    • EPSS Score: %2.52
    • Published: Mar. 10, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-27836

    TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.... Read more

    Affected Products : tl-wpa8630p_firmware tl-wpa8630p
    • EPSS Score: %1.06
    • Published: Jun. 13, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-27710

    An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.... Read more

    Affected Products : eskooly
    • Published: Jul. 05, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-22902

    Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.... Read more

    Affected Products : vinchin_backup_and_recovery
    • EPSS Score: %0.11
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-22922

    An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php... Read more

    Affected Products : visitor_management_system_in_php
    • EPSS Score: %0.69
    • Published: Jan. 25, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-22923

    SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products : adv_radius
    • EPSS Score: %0.14
    • Published: Feb. 13, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-22942

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %3.13
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2019-7271

    Nortek Linear eMerge 50P/5000P devices have Default Credentials.... Read more

    • EPSS Score: %0.24
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22338

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end d... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.08
    • Published: Jan. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28123

    Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the d... Read more

    Affected Products : wasmi
    • Published: Mar. 21, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-40122

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php.... Read more

    Affected Products : online_banking_system
    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-0739

    The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), ... Read more

    Affected Products : bookingpress
    • EPSS Score: %73.20
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results