Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-7593

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functio... Read more

    Affected Products : logo\!_8_bm_firmware logo\!_8_bm
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42172

    HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or sof... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2020-4427

    IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerab... Read more

    Affected Products : data_risk_manager
    • Actively Exploited
    • Published: May. 07, 2020
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2017-1002016

    Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.... Read more

    Affected Products : flickr_picture_backup
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-36195

    An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerabil... Read more

    • Published: Apr. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002018

    Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.... Read more

    Affected Products : eventr
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1002028

    Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.... Read more

    Affected Products : gallery-transformation
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1001002

    math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.... Read more

    Affected Products : math.js mathjs
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1002020

    Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.... Read more

    Affected Products : surveys
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000493

    Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover... Read more

    Affected Products : rocket.chat
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002013

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.... Read more

    Affected Products : image-gallery-with-slideshow
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1002019

    Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.... Read more

    Affected Products : eventr
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000474

    Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's... Read more

    Affected Products : vehicle_sales_management_system
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002014

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.... Read more

    Affected Products : image-gallery-with-slideshow
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000501

    Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.... Read more

    Affected Products : debian_linux awstats
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000458

    Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.... Read more

    Affected Products : bro
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000437

    Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.... Read more

    Affected Products : gravity
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002021

    Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.... Read more

    Affected Products : surveys
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000430

    rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions... Read more

    Affected Products : rust-base64
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002008

    Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.... Read more

    Affected Products : membership_simplified
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results