Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-31458

    A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial instal... Read more

    Affected Products : mivoice_connect
    • EPSS Score: %0.27
    • Published: May. 24, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-31541

    A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.... Read more

    Affected Products : ckeditor
    • EPSS Score: %4.21
    • Published: Jun. 13, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-47117

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • EPSS Score: %0.12
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-13804

    An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.... Read more

    Affected Products : phantompdf reader
    • EPSS Score: %0.03
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24770

    SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : nexusphp
    • EPSS Score: %3.89
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42039

    The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-lists
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-32336

    IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.... Read more

    • EPSS Score: %0.19
    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47853

    TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %1.45
    • Published: Jan. 17, 2023
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-3237

    A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to t... Read more

    Affected Products : otcms
    • EPSS Score: %0.07
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42458

    Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be alte... Read more

    Affected Products : bingo\!cms
    • EPSS Score: %0.58
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2020-24881

    SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.... Read more

    Affected Products : osticket
    • EPSS Score: %90.90
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42484

    An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.... Read more

    • EPSS Score: %0.20
    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48255

    There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.... Read more

    Affected Products : bisheng-wnm_firmware bisheng-wnm
    • EPSS Score: %1.67
    • Published: Feb. 27, 2023
    • Modified: Mar. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-42744

    CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.... Read more

    Affected Products : candidats
    • EPSS Score: %0.35
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-4855

    A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch th... Read more

    Affected Products : lead_management_system
    • EPSS Score: %2.68
    • Published: Dec. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46013

    An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_... Read more

    Affected Products : free_school_management_software
    • EPSS Score: %2.40
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-24987

    Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the ad... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %2.65
    • Published: Sep. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43027

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2020-13968

    CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter.... Read more

    Affected Products : business_platform
    • EPSS Score: %0.78
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-4279

    A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollu... Read more

    Affected Products : json-patch
    • EPSS Score: %0.10
    • Published: Dec. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291124 Results