Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-29842

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devices... Read more

    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29841

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command co... Read more

    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2643

    A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument ... Read more

    Affected Products : file_tracker_manager_system
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31498

    A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.... Read more

    • Published: May. 11, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-0855

    Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:... Read more

    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0856

    Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Sate... Read more

    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47129

    PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.... Read more

    Affected Products : phpok
    • Published: May. 11, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-2661

    A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack... Read more

    Affected Products : online_computer_and_laptop_store
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15963

    iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.... Read more

    Affected Products : gigs_script
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15968

    MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.... Read more

    Affected Products : mybuildersite
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15971

    Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.... Read more

    Affected Products : same_date_pro
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-30330

    SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.... Read more

    Affected Products : excellence_suite
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-27238

    LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.... Read more

    Affected Products : lavalite
    • Published: May. 12, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-2694

    A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads t... Read more

    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2695

    A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data... Read more

    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15977

    Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.... Read more

    Affected Products : expiring_download_links
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15979

    Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.... Read more

    Affected Products : shareet
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15980

    US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.... Read more

    Affected Products : us_zip_codes_database_script
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-4774

    The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.... Read more

    Affected Products : bit_form
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-0600

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.... Read more

    Affected Products : wp_visitor_statistics
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025
Showing 20 of 293499 Results