Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-0945

    In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ... Read more

    Affected Products : android
    • Published: Jun. 15, 2023
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-2080

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.... Read more

    Affected Products : email_security web_security
    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32754

    Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.... Read more

    Affected Products : efence
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34659

    jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.... Read more

    Affected Products : jeecg_boot
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14374

    The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting st... Read more

    Affected Products : storage_manager
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17465

    K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.... Read more

    Affected Products : antivirus
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17110

    Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.... Read more

    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16684

    SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.... Read more

    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17570

    FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.... Read more

    Affected Products : expedia_clone
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-2697

    A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to s... Read more

    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17578

    FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.... Read more

    Affected Products : crowdfunding_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17600

    Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.... Read more

    Affected Products : basic_b2b_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17606

    Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.... Read more

    Affected Products : co-work_space_search_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17624

    PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17630

    Yoga Class Script 1.0 has SQL Injection via the /list city parameter.... Read more

    Affected Products : yoga_class_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17636

    MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.... Read more

    Affected Products : mlm_forced_matrix
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17638

    Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.... Read more

    Affected Products : groupon_clone_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17648

    Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.... Read more

    Affected Products : entrepreneur_dating_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17672

    In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemp... Read more

    Affected Products : vbulletin
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-2366

    A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection... Read more

    Affected Products : faculty_evaluation_system
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294267 Results