Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2017-17895

    Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.

    Affected Products : basic_job_site_script
    • EPSS Score: 0.25%
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2018-17412

    zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.

    Affected Products : zzcms
    • EPSS Score: 0.26%
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-15374

    Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

    Affected Products : fabric_operating_system
    • EPSS Score: 0.50%
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-39551

    PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

    • EPSS Score: 0.64%
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-36132

    PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.

    Affected Products : availability_booking_calendar
    • EPSS Score: 0.10%
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-36139

    In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

    Affected Products : cleaning_business_software
    • EPSS Score: 0.34%
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-33666

    ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

    Affected Products : aioptimizedcombinations
    • EPSS Score: 0.06%
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-21408

    Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.

    Affected Products : license_plate_verifier
    • EPSS Score: 0.10%
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-36089

    Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintai...

    • EPSS Score: 0.38%
    • Published: Jul. 31, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-27210

    Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.

    Affected Products : online_pizza_ordering_system
    • EPSS Score: 0.07%
    • Published: Mar. 09, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-7241

    XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

    Affected Products : netweaver
    • EPSS Score: 27.38%
    • Published: Sep. 06, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-26563

    The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any direct...

    Affected Products : nodejs_file_system_provider
    • EPSS Score: 0.97%
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37165

    Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php.

    Affected Products : millhouse-project
    • EPSS Score: 3.26%
    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-36516

    H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_version_check.

    Affected Products : gr-1200w_firmware gr-1200w
    • EPSS Score: 0.44%
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-23745

    In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution o...

    Affected Products : web_clipper
    • EPSS Score: 4.16%
    • Published: Jan. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-15475

    In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.

    Affected Products : ndpi
    • EPSS Score: 0.69%
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-33759

    SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.

    Affected Products : maximiser_soft_pbx
    • EPSS Score: 0.04%
    • Published: Jan. 25, 2024
    • Modified: May. 30, 2025
  • 9.8

    CRITICAL
    CVE-2023-50030

    In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited...

    Affected Products : jmssetting
    • EPSS Score: 0.14%
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-47674

    Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model o...

    • EPSS Score: 0.58%
    • Published: Nov. 16, 2023
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2019-5619

    AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.

    Affected Products : aasync
    • EPSS Score: 0.57%
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291205 Results