Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-20131

    A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch... Read more

    Affected Products : news_portal_script
    • Published: Jul. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20132

    A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The ... Read more

    Affected Products : multi_vendor_script
    • Published: Jul. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20135

    A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launc... Read more

    Affected Products : dating_script
    • Published: Jul. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36711

    WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.... Read more

    Affected Products : octobot
    • Published: Jul. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24082

    If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying syst... Read more

    Affected Products : pega_platform infinity
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34023

    Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.... Read more

    Affected Products : barangay_management_system
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2486

    A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been ... Read more

    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34487

    Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.... Read more

    Affected Products : shortcode_addons
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34982

    The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.... Read more

    Affected Products : eziod
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20141

    A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely... Read more

    Affected Products : movie_portal_script
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34113

    An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.... Read more

    Affected Products : dataease
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28438

    This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js... Read more

    Affected Products : deferred-exec
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24083

    Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.... Read more

    Affected Products : pega_platform infinity
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27612

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : audio_station
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22646

    The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.... Read more

    • Published: Jul. 28, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-1277

    Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.... Read more

    Affected Products : solar_log
    • Published: Jul. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36301

    BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.... Read more

    Affected Products : bf-os
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31181

    PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.... Read more

    Affected Products : prestashop
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34953

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php.... Read more

    Affected Products : pharmacy_management_system
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28425

    This affects all versions of package curljs.... Read more

    Affected Products : curljs
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results