Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-28748

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection. This issue affects Copy or Move Comments: from n/a through 5.0.4.

    Affected Products : copy_or_move_comments
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38649

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access t...

    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-38637

    Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.

    Affected Products : hospital_management_system
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-23359

    WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.

    Affected Products : webid
    • Published: Jan. 27, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-44050

    The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is...

    Affected Products : d8s-networking
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2020-13394

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the rou...

    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-23935

    Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

    • Published: Aug. 20, 2020
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-39345

    Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a p...

    Affected Products : gin-vue-admin
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-34065

    The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

    Affected Products : rondolu-yt-concate
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-24115

    In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access.

    Affected Products : online_book_store
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-24215

    An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (...

    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-2955

    A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the...

    • Published: May. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-40009

    SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c.

    Affected Products : swftools
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-29728

    The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.

    Affected Products : call_blocker
    • Published: May. 30, 2023
    • Modified: Jan. 13, 2025
  • 9.8

    CRITICAL
    CVE-2023-29800

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

    Affected Products : x18_firmware x18
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-29801

    TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.

    Affected Products : x18_firmware x18
    • Published: Apr. 14, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2022-45101

    Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution...

    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-40114

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.

    Affected Products : online_banking_system
    • Published: Sep. 23, 2022
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2022-40116

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php.

    Affected Products : online_banking_system
    • Published: Sep. 23, 2022
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2023-30185

    CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.

    Affected Products : crmeb
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025
Showing 20 of 294277 Results