Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-0910

    A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_prod.php of the component GET Parameter Handler. The manipulation of the argument ID lea... Read more

    • Published: Feb. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0917

    A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injecti... Read more

    • Published: Feb. 19, 2023
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-48329

    MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.... Read more

    Affected Products : misp
    • Published: Feb. 20, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-26093

    Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.... Read more

    Affected Products : liima
    • Published: Feb. 20, 2023
    • Modified: Mar. 17, 2025

  • 9.8

    CRITICAL
    CVE-2018-17410

    Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.... Read more

    Affected Products : horus_cms
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17566

    In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.... Read more

    Affected Products : thinkphp
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17376

    SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.... Read more

    Affected Products : reverse_auction_factory
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17385

    SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.... Read more

    Affected Products : social_factory
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46637

    Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.... Read more

    Affected Products : prs1841_firmware prs1841
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-25158

    GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when ... Read more

    Affected Products : geotools
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24320

    An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : axcora
    • Published: Feb. 21, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-24080

    A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.... Read more

    Affected Products : myq
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-24108

    MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.... Read more

    Affected Products : mvctools
    • Published: Feb. 22, 2023
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-0960

    A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be... Read more

    Affected Products : seacms
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0963

    A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. ... Read more

    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24812

    Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. User... Read more

    Affected Products : misskey
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0939

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection.This issue affects Online Services Software: before 1.17. ... Read more

    Affected Products : online_services
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0986

    A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql... Read more

    Affected Products : sales_tracker_management_system
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24104

    Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.... Read more

    • Published: Feb. 23, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-24212

    Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.... Read more

    Affected Products : ax3_firmware ax3
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293512 Results