Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-2695

    A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data...

    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-15977

    Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter....

    Affected Products : expiring_download_links
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15979

    Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter....

    Affected Products : shareet
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15980

    US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter....

    Affected Products : us_zip_codes_database_script
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-4774

    The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution....

    Affected Products : bit_form
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025
  • 9.8

    CRITICAL
    CVE-2023-0600

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks....

    Affected Products : wp_visitor_statistics
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025
  • 9.8

    CRITICAL
    CVE-2017-15984

    Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php....

    Affected Products : creative_management_system_lite
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15985

    Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter....

    Affected Products : basic_b2b_script
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-2698

    A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The mani...

    Affected Products : lost_and_found_information_system
    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-2499

    The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it...

    Affected Products : registrationmagic
    • Published: May. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-31857

    Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save....

    Affected Products : online_computer_and_laptop_store
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025
  • 9.8

    CRITICAL
    CVE-2023-2780

    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1....

    Affected Products : mlflow
    • Published: May. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-23556

    An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases...

    Affected Products : hermes
    • Published: May. 18, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2023-2704

    The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible...

    Affected Products : bp_social_connect
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-2712

    Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Mod...

    Affected Products : rental_module
    • Published: May. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-2713

    Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15. ...

    Affected Products : rental_module
    • Published: May. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-28386

    Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signatur...

    • Published: May. 22, 2023
    • Modified: Dec. 09, 2024
  • 9.8

    CRITICAL
    CVE-2023-2815

    A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument supp...

    Affected Products : online_jewelry_store
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-46658

    The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution....

    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-20012

    WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control....

    Affected Products : webplus_pro
    • Published: May. 23, 2023
    • Modified: Nov. 21, 2024