Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-15990

    Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.... Read more

    Affected Products : phpinventory
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1601

    IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624.... Read more

    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48886

    A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.... Read more

    Affected Products : nettyrpc
    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5784

    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecont... Read more

    • Published: Oct. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18705

    PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php.... Read more

    Affected Products : hospital_management_system
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5792

    A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be... Read more

    Affected Products : sticky_notes_app
    • Published: Oct. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14402

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php.... Read more

    Affected Products : eyesofnetwork
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-19468

    HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.... Read more

    Affected Products : hucart
    • Published: Nov. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20381

    Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.... Read more

    Affected Products : dpc2320_firmware dpc2320
    • Published: Dec. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15697

    A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x... Read more

    Affected Products : nifi
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15813

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.... Read more

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15959

    Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.... Read more

    Affected Products : adultscriptpro
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-20979

    The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.... Read more

    Affected Products : contact_form_7
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-21038

    An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).... Read more

    Affected Products : android
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-21162

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before... Read more

    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5543

    includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.... Read more

    Affected Products : subrion
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16615

    An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in comm... Read more

    Affected Products : mlalchemy
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-25088

    A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py... Read more

    Affected Products : postgraas_server
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17577

    FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.... Read more

    Affected Products : trademe_clone
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17582

    FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.... Read more

    Affected Products : grubhub_clone
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294068 Results