Latest CVE Feed
-
9.8
CRITICALCVE-2023-39021
wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument.... Read more
Affected Products : wix_embedded_mysql- EPSS Score: %0.11
- Published: Jul. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-51260
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.... Read more
- Published: Oct. 31, 2024
- Modified: Apr. 10, 2025
-
9.8
CRITICALCVE-2014-8563
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.... Read more
Affected Products : zimbra_collaboration_server- EPSS Score: %5.17
- Published: Jan. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-38773
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.... Read more
Affected Products : formlift_for_infusionsoft_web_forms- Published: Jul. 22, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24431
All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization.... Read more
Affected Products : abacus-ext-cmdline- EPSS Score: %0.32
- Published: Dec. 21, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2023-39651
Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versi... Read more
Affected Products : theme_volty_cms_brandlist- EPSS Score: %0.07
- Published: Oct. 03, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-4447
A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remo... Read more
Affected Products : rapidcms- EPSS Score: %0.18
- Published: Aug. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39681
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.... Read more
Affected Products : cuppacms- EPSS Score: %4.42
- Published: Sep. 05, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-1000641
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.... Read more
Affected Products : yeswiki- EPSS Score: %0.82
- Published: Aug. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39749
D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request.... Read more
- EPSS Score: %1.91
- Published: Aug. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-3973
A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument mobnumber leads to sql injection. It is po... Read more
Affected Products : covid19_testing_management_system- Published: Apr. 27, 2025
- Modified: May. 07, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2024-48168
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.... Read more
- Published: Oct. 14, 2024
- Modified: May. 07, 2025
-
9.8
CRITICALCVE-2024-48204
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.... Read more
Affected Products :- Published: Oct. 25, 2024
- Modified: Oct. 28, 2024
-
9.8
CRITICALCVE-2024-48406
Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c.... Read more
Affected Products :- Published: Nov. 29, 2024
- Modified: Dec. 04, 2024
-
9.8
CRITICALCVE-2024-48579
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.... Read more
Affected Products : best_house_rental_management_system- Published: Oct. 25, 2024
- Modified: Apr. 28, 2025
-
9.8
CRITICALCVE-2024-52274
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50... Read more
- Published: Dec. 04, 2024
- Modified: May. 28, 2025
-
9.8
CRITICALCVE-2023-45046
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3. ... Read more
Affected Products : pressference_exporter- EPSS Score: %0.21
- Published: Nov. 06, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-52433
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2.... Read more
Affected Products : my_geo_posts_free- Published: Nov. 18, 2024
- Modified: Nov. 20, 2024
-
9.8
CRITICALCVE-2022-24571
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access.... Read more
Affected Products : car_driving_school_management_system- EPSS Score: %0.48
- Published: Feb. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-4006
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.... Read more
Affected Products : phpmyfaq- EPSS Score: %0.11
- Published: Jul. 31, 2023
- Modified: Nov. 21, 2024