Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-17645

    Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.... Read more

    Affected Products : bus_booking_script
    • EPSS Score: %2.51
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35314

    A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.... Read more

    Affected Products : wondercms
    • EPSS Score: %39.57
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17651

    Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.... Read more

    Affected Products : paid_to_read_script
    • EPSS Score: %2.51
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12414

    Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.... Read more

    Affected Products : format_factory
    • EPSS Score: %0.51
    • Published: Aug. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2001-1155

    TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.47
    • Published: Aug. 23, 2001
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-21784

    An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : imagegear
    • EPSS Score: %0.40
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22480

    The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.24
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17198

    Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML ... Read more

    Affected Products : roller
    • EPSS Score: %0.90
    • Published: May. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6698

    Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are man... Read more

    • EPSS Score: %1.00
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22633

    Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17377

    SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.... Read more

    Affected Products : questions
    • EPSS Score: %3.03
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-32318

    Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function.... Read more

    Affected Products : ac500_firmware ac500
    • Published: Apr. 17, 2024
    • Modified: Mar. 17, 2025

  • 9.8

    CRITICAL
    CVE-2018-17777

    An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. T... Read more

    Affected Products : dva-5592_firmware dva-5592
    • EPSS Score: %0.47
    • Published: Dec. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20378

    Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2269

    The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection... Read more

    Affected Products : website_file_changes_monitor
    • EPSS Score: %0.52
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20384

    Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19415

    Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.... Read more

    Affected Products : plikli_cms
    • EPSS Score: %0.53
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37163

    Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier f... Read more

    Affected Products : ihatetobudget
    • EPSS Score: %0.05
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37265

    Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.... Read more

    Affected Products : steal
    • EPSS Score: %0.14
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-1788

    Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.... Read more

    Affected Products : firefly_iii
    • EPSS Score: %0.07
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291157 Results