Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-20289

    Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability.... Read more

    Affected Products : yccms
    • EPSS Score: %0.50
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14255

    A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints.... Read more

    Affected Products : go-camo
    • EPSS Score: %0.71
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-20951

    In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files.... Read more

    Affected Products : pluck
    • EPSS Score: %7.17
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14480

    AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.... Read more

    Affected Products : netcrunch
    • EPSS Score: %0.29
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14537

    YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.... Read more

    Affected Products : yourls
    • EPSS Score: %14.96
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0247

    A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The ... Read more

    • EPSS Score: %0.04
    • Published: Jan. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21651

    Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.... Read more

    Affected Products : myucms
    • EPSS Score: %3.52
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21784

    phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.... Read more

    Affected Products : phpwcms
    • EPSS Score: %0.48
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18570

    The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.... Read more

    Affected Products : cformsii
    • EPSS Score: %0.55
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3431

    All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.... Read more

    Affected Products : zxcloud_goldendata_vap
    • EPSS Score: %0.07
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18684

    An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017).... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15020

    A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection.... Read more

    Affected Products : inspector
    • EPSS Score: %1.58
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15025

    The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.... Read more

    Affected Products : ninja_forms ninjaforms
    • EPSS Score: %0.51
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-2301

    Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.... Read more

    Affected Products : active_directory
    • EPSS Score: %0.18
    • Published: Nov. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15535

    Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.... Read more

    Affected Products : tasking_manager
    • EPSS Score: %0.24
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15563

    Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.... Read more

    Affected Products : webapi
    • EPSS Score: %0.38
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15568

    idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.... Read more

    Affected Products : idseq-web
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15572

    Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php.... Read more

    Affected Products : gesior-aac
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15872

    The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.... Read more

    Affected Products : loginpress
    • EPSS Score: %0.55
    • Published: Sep. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24673

    In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the conten... Read more

    • EPSS Score: %0.40
    • Published: Dec. 22, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291058 Results