Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-40121

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php.... Read more

    Affected Products : online_banking_system
    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-45132

    In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 templ... Read more

    Affected Products : lava
    • EPSS Score: %6.46
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-21281

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the ... Read more

    Affected Products : contiki-ng
    • EPSS Score: %0.44
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29924

    PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.... Read more

    Affected Products : powerjob
    • EPSS Score: %1.36
    • Published: Apr. 21, 2023
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-30246

    SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.... Read more

    Affected Products : judging_management_system
    • EPSS Score: %0.93
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-45377

    Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. ... Read more

    • EPSS Score: %0.18
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21304

    Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughou... Read more

    Affected Products : dynamoose
    • EPSS Score: %0.64
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21307

    Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in version... Read more

    Affected Products : lucee_server
    • EPSS Score: %92.21
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29423

    Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.... Read more

    Affected Products : countdown_builder
    • EPSS Score: %0.46
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40615

    IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.... Read more

    • EPSS Score: %0.08
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45720

    IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function.... Read more

    Affected Products : m50_firmware m50
    • EPSS Score: %0.12
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-40835

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability... Read more

    Affected Products : codeigniter
    • EPSS Score: %0.07
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40864

    Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • EPSS Score: %0.17
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-40865

    Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • EPSS Score: %0.18
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-0441

    The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin... Read more

    Affected Products : masterstudy_lms
    • EPSS Score: %79.87
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41003

    Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequ... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • EPSS Score: %0.33
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45986

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: %2.08
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31212

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7,... Read more

    • EPSS Score: %0.44
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46502

    Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.... Read more

    Affected Products : online_student_enrollment_system
    • EPSS Score: %2.89
    • Published: Jan. 13, 2023
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-31240

    Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.... Read more

    Affected Products : orvc
    • EPSS Score: %0.06
    • Published: May. 22, 2023
    • Modified: Dec. 09, 2024
Showing 20 of 291124 Results