Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-11418

    Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i].... Read more

    Affected Products : fiyo_cms
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-26645

    A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.... Read more

    Affected Products : banking_system
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6798

    In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially al... Read more

    Affected Products : sling sling_i18n
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-27497

    Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.... Read more

    Affected Products : myvue speech vue_motion vue_pacs
    • Published: Apr. 01, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2017-11470

    IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.... Read more

    Affected Products : uptime_infrastructure_monitor
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6531

    On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.... Read more

    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-32980

    Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.... Read more

    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9932

    Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.... Read more

    Affected Products : dx-350_firmware dx-350
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-3886

    libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : libinfinity
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-27304

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.... Read more

    Affected Products : student_grading_system
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28116

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.... Read more

    Affected Products : online_banking_system
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28467

    Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.... Read more

    Affected Products : online_student_admission
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43421

    A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.... Read more

    Affected Products : elfinder
    • Published: Apr. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43474

    An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Apr. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1287

    A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack ca... Read more

    Affected Products : school_club_application_system
    • Published: Apr. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27269

    InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet.... Read more

    Affected Products : inrouter_900_firmware inrouter_900
    • Published: Apr. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37291

    An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.... Read more

    Affected Products : 4st_l-bems
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26095

    Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27275

    InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet.... Read more

    Affected Products : inrouter_900_firmware inrouter_900
    • Published: Apr. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29080

    The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.... Read more

    Affected Products : npm-dependency-versions
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292767 Results