Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-48011

    Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function....

    Affected Products : opencats
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-32519

    A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)...

    Affected Products : data_center_expert
    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-23582

    Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. ...

    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-45172

    An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser ...

    Affected Products : vdesk
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-47770

    Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection....

    Affected Products : fast_checkin
    • Published: Feb. 01, 2023
    • Modified: Mar. 27, 2025
  • 9.8

    CRITICAL
    CVE-2017-20171

    A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to sql injection. The identifier of the patch is 954425f61634b556fe644837a592a5b8fcfca0...

    Affected Products : apersistence
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-48114

    RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable....

    Affected Products : ruoyi
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2021-36424

    An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation....

    Affected Products : phpwcms
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2021-36484

    SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page....

    Affected Products : jizhicms
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2021-37497

    SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request....

    Affected Products : pbootcms
    • Published: Feb. 03, 2023
    • Modified: Apr. 04, 2025
  • 9.8

    CRITICAL
    CVE-2013-10016

    A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The patch is named 306f170ca2a8...

    Affected Products : webfinance
    • Published: Feb. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-25101

    A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possib...

    Affected Products : turbogears
    • Published: Feb. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24201

    Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php....

    Affected Products : raffle_draw_system
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2023-24202

    Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php....

    Affected Products : raffle_draw_system
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2025-7593

    A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may be launched rem...

    Affected Products : job_diary
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2021-31573

    In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploi...

    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2021-31575

    In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploi...

    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2021-31577

    In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitati...

    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31578

    In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation....

    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-3229

    Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage th...

    Affected Products : windows unified_remote
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025
Showing 20 of 293651 Results