Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-38044

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.... Read more

    Affected Products : hikashop
    • EPSS Score: %0.09
    • Published: Aug. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-44411

    D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.... Read more

    Affected Products : di-8300_firmware di-8300
    • Published: Sep. 09, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-44623

    An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.... Read more

    Affected Products : spx_graphics_controller
    • Published: Sep. 16, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-44721

    SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.... Read more

    Affected Products : seacms
    • Published: Sep. 09, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-44727

    Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.... Read more

    Affected Products : event_management_system
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2017-11445

    Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %0.25
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-40883

    A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.... Read more

    Affected Products : emlog
    • EPSS Score: %9.08
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47615

    Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.... Read more

    Affected Products : learnpress
    • EPSS Score: %88.26
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15017

    A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrad... Read more

    Affected Products : media_upload
    • EPSS Score: %0.09
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28427

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.... Read more

    Affected Products : baby_care_system
    • EPSS Score: %0.25
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43199

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.... Read more

    Affected Products : di-7200g_firmware di-7200g
    • EPSS Score: %0.70
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43204

    D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter.... Read more

    Affected Products : dwl-6610ap_firmware dwl-6610ap
    • EPSS Score: %1.50
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45493

    An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for th... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2023-4336

    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute... Read more

    Affected Products : raid_controller_web_interface
    • EPSS Score: %0.09
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50918

    app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.... Read more

    Affected Products : misp
    • EPSS Score: %0.23
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2055

    The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.... Read more

    Affected Products :
    • Published: Mar. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30194

    Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().... Read more

    Affected Products : poststaticfooter
    • EPSS Score: %4.99
    • Published: May. 10, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-28623

    Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd l... Read more

    • EPSS Score: %0.61
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38632

    async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.... Read more

    Affected Products : asynchronous_sockets_for_c\+\+
    • EPSS Score: %26.78
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24010

    A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerabil... Read more

    • EPSS Score: %0.54
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292048 Results