Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-38537

    Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.... Read more

    Affected Products : archery
    • EPSS Score: %0.09
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38823

    In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.... Read more

    Affected Products : t6_firmware t6
    • EPSS Score: %0.13
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2887

    Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. ... Read more

    Affected Products : cbot_core cbot_panel
    • EPSS Score: %0.02
    • Published: May. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39042

    aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.... Read more

    Affected Products : a\+hrd
    • EPSS Score: %0.06
    • Published: Jan. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38882

    The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-json
    • EPSS Score: %0.39
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44003

    An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.... Read more

    Affected Products : backclick
    • EPSS Score: %0.07
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-44118

    dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.... Read more

    Affected Products : dedecmsv6
    • EPSS Score: %5.27
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-44180

    Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.15
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44194

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.... Read more

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: %0.27
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2020-23877

    pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.... Read more

    Affected Products : pdf2xml
    • EPSS Score: %0.46
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41589

    In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to ... Read more

    Affected Products : build_cache_node enterprise
    • EPSS Score: %2.45
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13421

    OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.... Read more

    Affected Products : openiam
    • EPSS Score: %0.33
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29374

    In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.... Read more

    Affected Products : langchain
    • EPSS Score: %1.57
    • Published: Apr. 05, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-23978

    SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"... Read more

    Affected Products : ecommerce_cms
    • EPSS Score: %0.87
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34057

    The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : scoptrial
    • EPSS Score: %0.61
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34056

    The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : watertools
    • EPSS Score: %0.42
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44621

    Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.... Read more

    Affected Products : kylin
    • EPSS Score: %0.70
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-29468

    The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be trig... Read more

    Affected Products : wilink8-wifi-mcp8
    • EPSS Score: %53.86
    • Published: Aug. 14, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-24202

    File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.... Read more

    • EPSS Score: %3.07
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18164

    SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.... Read more

    Affected Products : tp-shop tpshop
    • EPSS Score: %0.26
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291124 Results