Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-41589

    In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to ... Read more

    Affected Products : build_cache_node enterprise
    • EPSS Score: %2.45
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13421

    OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.... Read more

    Affected Products : openiam
    • EPSS Score: %0.33
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29374

    In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.... Read more

    Affected Products : langchain
    • EPSS Score: %1.57
    • Published: Apr. 05, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-23978

    SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"... Read more

    Affected Products : ecommerce_cms
    • EPSS Score: %0.87
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34057

    The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : scoptrial
    • EPSS Score: %0.61
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34056

    The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : watertools
    • EPSS Score: %0.42
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44621

    Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.... Read more

    Affected Products : kylin
    • EPSS Score: %0.70
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-29468

    The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be trig... Read more

    Affected Products : wilink8-wifi-mcp8
    • EPSS Score: %53.86
    • Published: Aug. 14, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-24202

    File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.... Read more

    • EPSS Score: %3.07
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18164

    SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter.... Read more

    Affected Products : tp-shop tpshop
    • EPSS Score: %0.26
    • Published: Aug. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40121

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php.... Read more

    Affected Products : online_banking_system
    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-45132

    In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 templ... Read more

    Affected Products : lava
    • EPSS Score: %6.46
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-21281

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the ... Read more

    Affected Products : contiki-ng
    • EPSS Score: %0.44
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29924

    PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.... Read more

    Affected Products : powerjob
    • EPSS Score: %1.36
    • Published: Apr. 21, 2023
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-30246

    SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.... Read more

    Affected Products : judging_management_system
    • EPSS Score: %0.93
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-45377

    Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. ... Read more

    • EPSS Score: %0.18
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21304

    Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughou... Read more

    Affected Products : dynamoose
    • EPSS Score: %0.64
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21307

    Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in version... Read more

    Affected Products : lucee_server
    • EPSS Score: %92.21
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29423

    Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.... Read more

    Affected Products : countdown_builder
    • EPSS Score: %0.46
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40615

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.... Read more

    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291132 Results