Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-13187

    The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.... Read more

    Affected Products : rich_text_formatter
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13292

    A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.... Read more

    Affected Products : weberp
    • Published: Jul. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2473

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501.... Read more

    Affected Products : android
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2017-17766

    In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocatio... Read more

    Affected Products : android
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-1465

    The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the ... Read more

    Affected Products : cubecart
    • Published: Feb. 08, 2013
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2018-16159

    The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.... Read more

    Affected Products : gift_vouchers
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16354

    An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter.... Read more

    Affected Products : fhcrm
    • Published: Sep. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17873

    Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.... Read more

    Affected Products : marketplace_digital_products_php
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-10085

    CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or d... Read more

    Affected Products : cms_made_simple
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17110

    Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.... Read more

    Affected Products : simple_pos
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17172

    The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.... Read more

    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17228

    nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.... Read more

    Affected Products : nmap4j
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17381

    SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.... Read more

    Affected Products : dutch_auction_factory
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10617

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow rem... Read more

    • Published: Jun. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10653

    There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.... Read more

    Affected Products : xenmobile_server
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17852

    A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.... Read more

    Affected Products : wuzhi_cms
    • Published: Oct. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17893

    LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution.... Read more

    Affected Products : laquis_scada
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15069

    An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege.... Read more

    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37220

    Synel Terminals - CWE-494: Download of Code Without Integrity Check ... Read more

    • Published: Sep. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15322

    The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.... Read more

    Affected Products : shortcode_factory
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294068 Results