Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-19180

    statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php... Read more

    Affected Products : yunucms
    • EPSS Score: %0.78
    • Published: Nov. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17334

    An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact bec... Read more

    Affected Products : libsvg2
    • EPSS Score: %0.86
    • Published: Sep. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1999019

    Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a sim... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %1.77
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21944

    Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This ... Read more

    Affected Products : imagegear
    • EPSS Score: %0.30
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17383

    SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.... Read more

    Affected Products : collection_factory
    • EPSS Score: %3.03
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37090

    H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID.... Read more

    Affected Products : h200_firmware h200
    • EPSS Score: %0.44
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2653

    A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. ... Read more

    Affected Products : lost_and_found_information_system
    • EPSS Score: %0.05
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34531

    DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.... Read more

    Affected Products : dedecms
    • EPSS Score: %29.73
    • Published: Jul. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9107

    Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a univ... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %1.66
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-29312

    An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpa... Read more

    Affected Products : zend_framework
    • EPSS Score: %1.87
    • Published: Apr. 04, 2023
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-26858

    SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.... Read more

    Affected Products : frequently_asked_questions_page
    • EPSS Score: %0.22
    • Published: Mar. 31, 2023
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-28497

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted requ... Read more

    Affected Products : cp900_firmware cp900
    • EPSS Score: %0.18
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17713

    Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp paramete... Read more

    Affected Products : trape
    • EPSS Score: %0.36
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17413

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTa... Read more

    Affected Products : netvault_backup
    • EPSS Score: %20.96
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2003-0174

    The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.... Read more

    Affected Products : irix
    • EPSS Score: %0.36
    • Published: May. 12, 2003
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2015-9335

    The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.... Read more

    Affected Products : limit_attempts
    • EPSS Score: %0.55
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10283

    The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION mes... Read more

    Affected Products : micro_air_vehicle_link
    • EPSS Score: %0.42
    • Published: Aug. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12498

    spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.... Read more

    Affected Products : icms
    • EPSS Score: %0.26
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-7131

    A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_employee_attendance. The manipulation of the argument empl... Read more

    Affected Products : payroll_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27845

    In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication
Showing 20 of 291222 Results