Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-27040

    Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter.... Read more

    Affected Products : simple_image_gallery_web_app
    • EPSS Score: %1.70
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-27203

    Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php.... Read more

    Affected Products : best_pos_management_system
    • EPSS Score: %0.07
    • Published: Mar. 09, 2023
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-36452

    A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the appli... Read more

    Affected Products : micollab
    • EPSS Score: %1.90
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-36663

    Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.... Read more

    Affected Products : oxauth
    • EPSS Score: %8.46
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36711

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php.... Read more

    Affected Products : library_management_system
    • EPSS Score: %0.11
    • Published: Aug. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-6532

    Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.... Read more

    • EPSS Score: %0.54
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-37002

    The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.25
    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37057

    D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.... Read more

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • EPSS Score: %65.08
    • Published: Aug. 28, 2022
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-37061

    All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php end... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • EPSS Score: %91.53
    • Published: Aug. 18, 2022
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2022-37258

    Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.... Read more

    Affected Products : steal
    • EPSS Score: %0.14
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37298

    Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes t... Read more

    Affected Products : shinken_monitoring
    • EPSS Score: %44.43
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-37242

    MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.... Read more

    • EPSS Score: %0.57
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37266

    Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.... Read more

    Affected Products : steal
    • EPSS Score: %0.14
    • Published: Sep. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22205

    SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.... Read more

    Affected Products : ecshop
    • EPSS Score: %0.51
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22208

    SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.... Read more

    Affected Products : 74cms
    • EPSS Score: %40.35
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22276

    WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.... Read more

    Affected Products : weforms
    • EPSS Score: %1.21
    • Published: Nov. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4274

    A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack r... Read more

    Affected Products : house_rental_system
    • EPSS Score: %0.04
    • Published: Dec. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19240

    Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload ... Read more

    • EPSS Score: %3.10
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22807

    An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %0.26
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23037

    Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.... Read more

    Affected Products : playable
    • EPSS Score: %0.51
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291058 Results