Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-1032

    A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation l... Read more

    Affected Products : openbi openbi
    • EPSS Score: %0.08
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-15441

    A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries.... Read more

    Affected Products : prime_license_manager
    • EPSS Score: %0.42
    • Published: Nov. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17448

    An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.... Read more

    Affected Products : netscaler_sd-wan sd-wan
    • EPSS Score: %0.61
    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18389

    Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username wit... Read more

    Affected Products : neo4j
    • EPSS Score: %0.76
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6220

    The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated a... Read more

    Affected Products : piotnet_forms
    • EPSS Score: %6.26
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-49237

    An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings.... Read more

    Affected Products : tv-ip1314pi_firmware tv-ip1314pi
    • EPSS Score: %3.30
    • Published: Jan. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-38731

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2019-16699

    The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.... Read more

    Affected Products : sr_freecap
    • EPSS Score: %2.48
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34267

    An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpo... Read more

    Affected Products : worldserver
    • EPSS Score: %73.90
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51035

    TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.... Read more

    Affected Products : ex1200l_firmware ex1200l
    • EPSS Score: %0.17
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24377

    The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.... Read more

    Affected Products : cycle-import-check
    • EPSS Score: %4.10
    • Published: Dec. 14, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2019-10276

    Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via the web/assets/swf/uploadify.php URI, as demonstrated by a .php file with the image/jpeg content type.... Read more

    Affected Products : razor
    • EPSS Score: %0.36
    • Published: Mar. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37016

    Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally... Read more

    Affected Products : symantec_endpoint_protection
    • EPSS Score: %0.29
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2021-27166

    An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: %0.22
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27168

    An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: %0.22
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2650

    Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.... Read more

    Affected Products : wger
    • EPSS Score: %0.15
    • Published: Nov. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4049

    The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.... Read more

    Affected Products : wp_user
    • EPSS Score: %83.30
    • Published: Jan. 02, 2023
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-35606

    A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'... Read more

    Affected Products : inventorymanagementsystem
    • EPSS Score: %0.23
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10564

    An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.... Read more

    Affected Products : wordpress_file_upload
    • EPSS Score: %31.75
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1002002

    Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/... Read more

    Affected Products : webapp-builder
    • EPSS Score: %51.16
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291222 Results