Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-37242

    MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.... Read more

    • EPSS Score: %0.57
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37266

    Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.... Read more

    Affected Products : steal
    • EPSS Score: %0.14
    • Published: Sep. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22205

    SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.... Read more

    Affected Products : ecshop
    • EPSS Score: %0.51
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22208

    SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.... Read more

    Affected Products : 74cms
    • EPSS Score: %40.35
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22276

    WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.... Read more

    Affected Products : weforms
    • EPSS Score: %1.21
    • Published: Nov. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4274

    A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack r... Read more

    Affected Products : house_rental_system
    • EPSS Score: %0.04
    • Published: Dec. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19240

    Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload ... Read more

    • EPSS Score: %3.10
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22807

    An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %0.26
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-23037

    Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.... Read more

    Affected Products : playable
    • EPSS Score: %0.51
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38394

    Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.... Read more

    • EPSS Score: %1.32
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38537

    Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.... Read more

    Affected Products : archery
    • EPSS Score: %0.09
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38823

    In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.... Read more

    Affected Products : t6_firmware t6
    • EPSS Score: %0.13
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2887

    Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. ... Read more

    Affected Products : cbot_core cbot_panel
    • EPSS Score: %0.02
    • Published: May. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39042

    aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.... Read more

    Affected Products : a\+hrd
    • EPSS Score: %0.06
    • Published: Jan. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38882

    The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-json
    • EPSS Score: %0.39
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44003

    An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.... Read more

    Affected Products : backclick
    • EPSS Score: %0.07
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-44118

    dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.... Read more

    Affected Products : dedecmsv6
    • EPSS Score: %5.27
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-44180

    Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.15
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44194

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.... Read more

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: %0.27
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2020-23877

    pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.... Read more

    Affected Products : pdf2xml
    • EPSS Score: %0.46
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291157 Results