Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-2216

    Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.... Read more

    Affected Products : parse-url
    • EPSS Score: %0.20
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24752

    SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQ... Read more

    Affected Products : sylius syliusgridbundle
    • EPSS Score: %0.53
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33719

    Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.... Read more

    Affected Products : android dex
    • EPSS Score: %0.16
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2679

    A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0... Read more

    Affected Products : interview_management_system
    • EPSS Score: %0.23
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45551

    An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.... Read more

    Affected Products : we1626_firmware we1626
    • EPSS Score: %11.88
    • Published: Mar. 03, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-30013

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.... Read more

    Affected Products : x5000r_firmware x5000r
    • EPSS Score: %91.75
    • Published: May. 05, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-1268

    A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely... Read more

    Affected Products : restaurant_pos_system
    • EPSS Score: %0.06
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30054

    TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %4.12
    • Published: May. 05, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-43519

    Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.... Read more

    • EPSS Score: %0.11
    • Published: Feb. 06, 2024
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-45699

    Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.... Read more

    Affected Products : ecu-r_firmware ecu-r
    • EPSS Score: %90.15
    • Published: Feb. 10, 2023
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-45709

    IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.... Read more

    Affected Products : m50_firmware m50
    • EPSS Score: %0.66
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-35813

    Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.... Read more

    • EPSS Score: %93.52
    • Published: Jun. 17, 2023
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2023-35782

    The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.... Read more

    Affected Products : ipandlanguageredirect
    • EPSS Score: %0.29
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2707

    A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with ... Read more

    • EPSS Score: %0.23
    • Published: Aug. 08, 2022
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2021-30179

    Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the ... Read more

    Affected Products : dubbo
    • EPSS Score: %3.58
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27140

    An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misu... Read more

    Affected Products : express-fileupload
    • EPSS Score: %0.46
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-25513

    Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.... Read more

    Affected Products : seacms
    • Published: Feb. 24, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-44410

    D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.... Read more

    Affected Products : di-8300_firmware di-8300
    • Published: Sep. 09, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-44466

    COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.... Read more

    Affected Products : cf-xr11_firmware cf-xr11
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2022-27177

    A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2... Read more

    Affected Products : consoleme
    • EPSS Score: %2.14
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291222 Results