Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-4615

    Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables... Read more

    Affected Products : easy2map-photos
    • EPSS Score: %0.76
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17408

    parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.... Read more

    Affected Products : zzzphp
    • EPSS Score: %1.97
    • Published: Oct. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-23412

    All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.... Read more

    Affected Products : gitlogplus
    • EPSS Score: %3.92
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-20601

    An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.... Read more

    Affected Products : thinkcmf
    • EPSS Score: %0.45
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14502

    controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.... Read more

    Affected Products : chained_quiz
    • EPSS Score: %4.48
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51656

    Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.... Read more

    Affected Products : iotdb
    • EPSS Score: %0.54
    • Published: Dec. 21, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-35898

    OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.... Read more

    Affected Products : bizmanager
    • EPSS Score: %0.09
    • Published: May. 01, 2023
    • Modified: Jan. 30, 2025

  • 9.8

    CRITICAL
    CVE-2020-17485

    A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources... Read more

    Affected Products : gps_tracker
    • EPSS Score: %0.31
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-23315

    The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call ... Read more

    Affected Products : stripe_payment_pro
    • EPSS Score: %0.07
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-47254

    An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.... Read more

    Affected Products : vigor167_firmware vigor167
    • EPSS Score: %2.46
    • Published: Dec. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48424

    U-Boot shell vulnerability resulting in Privilege escalation in a production device... Read more

    Affected Products : android chromecast_firmware chromecast
    • EPSS Score: %0.06
    • Published: Dec. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39169

    The affected devices use publicly available default credentials with administrative privileges.... Read more

    • EPSS Score: %0.28
    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-6067

    An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker ne... Read more

    Affected Products : imagegear
    • EPSS Score: %2.38
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14942

    Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.... Read more

    Affected Products : tendenci
    • EPSS Score: %0.40
    • Published: Jun. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-15007

    A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.... Read more

    Affected Products : tech_1 doom_vanille
    • EPSS Score: %2.00
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-1433

    Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the ... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.02
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12206

    njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.... Read more

    Affected Products : njs
    • EPSS Score: %0.40
    • Published: May. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20896

    WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.... Read more

    Affected Products : webchess
    • EPSS Score: %0.24
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-11167

    FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.... Read more

    Affected Products : finecms
    • EPSS Score: %0.80
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-1557

    Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.... Read more

    • EPSS Score: %1.18
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291157 Results