Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-26134

    Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, ... Read more

    Affected Products : git-commit-info
    • EPSS Score: %0.22
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41019

    Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequ... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • EPSS Score: %0.33
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35741

    Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin b... Read more

    Affected Products : cloudstack
    • EPSS Score: %12.16
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20704

    Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServer... Read more

    • EPSS Score: %1.35
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26326

    The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and cal... Read more

    Affected Products : buddyforms
    • EPSS Score: %40.15
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4116

    A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.... Read more

    Affected Products : quarkus build_of_quarkus
    • EPSS Score: %22.15
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2018-5992

    SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.... Read more

    Affected Products : staff_master
    • EPSS Score: %1.49
    • Published: Feb. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-21522

    An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.... Read more

    Affected Products : halo
    • EPSS Score: %0.59
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41496

    iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.... Read more

    Affected Products : icms
    • EPSS Score: %0.11
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2020-12870

    RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.... Read more

    Affected Products : pacsone_server
    • EPSS Score: %1.03
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36201

    Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.... Read more

    Affected Products : doctor\'s_appointment_system
    • EPSS Score: %0.20
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36273

    Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %18.36
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2682

    A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${I... Read more

    Affected Products : caton_live
    • EPSS Score: %0.18
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-26311

    A remote code execution vulnerability in the webview component of OPPO Store app. ... Read more

    Affected Products : oppo_store
    • EPSS Score: %1.49
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36344

    An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted fi... Read more

    • EPSS Score: %0.71
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41657

    Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be... Read more

    Affected Products : infrasuite_device_master
    • EPSS Score: %27.48
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26921

    OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd.... Read more

    Affected Products : ag550qcn_firmware ag550qcn
    • EPSS Score: %1.81
    • Published: Apr. 04, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-26978

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %1.45
    • Published: Apr. 07, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-27016

    Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.32
    • Published: Apr. 07, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-27018

    Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.12
    • Published: Apr. 07, 2023
    • Modified: Feb. 12, 2025
Showing 20 of 291058 Results