Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-4774

    The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.... Read more

    Affected Products : bit_form
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-0600

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.... Read more

    Affected Products : wp_visitor_statistics
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2017-15984

    Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.... Read more

    Affected Products : creative_management_system_lite
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15985

    Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.... Read more

    Affected Products : basic_b2b_script
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-2698

    A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The mani... Read more

    Affected Products : lost_and_found_information_system
    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2499

    The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it... Read more

    Affected Products : registrationmagic
    • Published: May. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31857

    Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.... Read more

    Affected Products : online_computer_and_laptop_store
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-2780

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.... Read more

    Affected Products : mlflow
    • Published: May. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-23556

    An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases... Read more

    Affected Products : hermes
    • Published: May. 18, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-2704

    The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible... Read more

    Affected Products : bp_social_connect
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2712

    Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Mod... Read more

    Affected Products : rental_module
    • Published: May. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2713

    Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15. ... Read more

    Affected Products : rental_module
    • Published: May. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28386

    Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signatur... Read more

    • Published: May. 22, 2023
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-2815

    A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument supp... Read more

    Affected Products : online_jewelry_store
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46658

    The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.... Read more

    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-20012

    WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.... Read more

    Affected Products : webplus_pro
    • Published: May. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29919

    SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.... Read more

    • Published: May. 23, 2023
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-23301

    The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, ... Read more

    Affected Products : connect-iq
    • Published: May. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-23305

    The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.... Read more

    Affected Products : connect-iq
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2017-2892

    An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information dis... Read more

    Affected Products : mongoose
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293507 Results