Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-16642

    App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.... Read more

    Affected Products : tuzicms tuzicms
    • EPSS Score: %0.26
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30466

    This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker coul... Read more

    • EPSS Score: %0.40
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37677

    Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.... Read more

    Affected Products : pligg_cms
    • EPSS Score: %1.29
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35912

    In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.... Read more

    Affected Products : grails
    • EPSS Score: %5.20
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-31284

    Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.... Read more

    Affected Products : embedpress
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45963

    h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.... Read more

    • EPSS Score: %0.04
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-1511

    The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary fi... Read more

    • Published: Apr. 10, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-28556

    SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php.... Read more

    Affected Products : php_task_management_system
    • Published: Apr. 15, 2024
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2022-28495

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : cp900_firmware cp900
    • EPSS Score: %0.62
    • Published: Mar. 24, 2023
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-6655

    A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login In... Read more

    Affected Products : e-hr
    • EPSS Score: %0.14
    • Published: Dec. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25520

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-5577

    The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30415

    Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.... Read more

    • EPSS Score: %0.14
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44305

    Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially cr... Read more

    Affected Products : dm5500_firmware dm5500
    • EPSS Score: %5.16
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18075

    WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.... Read more

    Affected Products : wikidforum wikidforum
    • EPSS Score: %0.69
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34461

    Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.... Read more

    Affected Products : zenario
    • Published: May. 04, 2024
    • Modified: Mar. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-37067

    H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti.... Read more

    Affected Products : gr-1200w_firmware gr-1200w
    • EPSS Score: %0.44
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15560

    The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.... Read more

    Affected Products : reviews_module
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34060

    The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.... Read more

    Affected Products : togglee
    • EPSS Score: %0.42
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4503

    Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.... Read more

    • EPSS Score: %1.34
    • Published: Jul. 12, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results