Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-46859

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. ... Read more

    Affected Products : spiffy_calendar
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46849

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon &... Read more

    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31752

    SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.... Read more

    • Published: May. 23, 2023
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2020-24769

    SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.... Read more

    Affected Products : nexusphp
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42036

    The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-urls
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42040

    The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-algorithms
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-42496

    OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.... Read more

    Affected Products : nadesiko3
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-42498

    In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer... Read more

    Affected Products : android
    • Published: Mar. 24, 2023
    • Modified: Feb. 28, 2025

  • 9.8

    CRITICAL
    CVE-2020-13877

    SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.... Read more

    Affected Products : meeting_monitor
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5019

    A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function i... Read more

    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48196

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R700... Read more

    • Published: Dec. 30, 2022
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-48333

    Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.... Read more

    Affected Products : trusted_application
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13917

    rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, ... Read more

    Affected Products : unleashed_firmware r310 r500 r600 t300 t301n t301s h320 h510 r710 +15 more products
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48512

    Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3275

    A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the arg... Read more

    Affected Products : rail_pass_management_system
    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42998

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43108

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.... Read more

    Affected Products : ac23_firmware ac23
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-43213

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php.... Read more

    Affected Products : billing_system_project
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-43304

    The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1... Read more

    Affected Products : d8s-timer
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-43214

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php.... Read more

    Affected Products : billing_system
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 293673 Results