Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-45360

    Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails. This issue affects Commenter Emails: from n/a through 2.6.1. ...

    Affected Products : commenter_emails
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4297

    A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unkn...

    Affected Products : jobe
    • Published: Jan. 01, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-36262

    An issue was discovered in taocms 3.0.2 in the website settings that allows arbitrary PHP code to be injected by modifying config.php....

    Affected Products : taocms
    • Published: Aug. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-19991

    VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230....

    Affected Products : verynginx
    • Published: Dec. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-35797

    Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via princip...

    • Published: Jul. 03, 2023
    • Modified: Feb. 13, 2025
  • 9.8

    CRITICAL
    CVE-2022-36544

    Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php....

    Affected Products : edoc-doctor-appointment-system
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-46166

    Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are ...

    Affected Products : spring_boot_admin
    • Published: Dec. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-3623

    A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.as...

    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-36601

    The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands....

    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-0353

    Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file....

    Affected Products : e11_firmware e11
    • Published: Mar. 13, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-18174

    A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges....

    Affected Products : autohotkey
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-24055

    Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. ...

    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47105

    Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData....

    Affected Products : jeecg_boot
    • Published: Jan. 19, 2023
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-3687

    A vulnerability was found in Bylancer QuickVCard 2.1. It has been rated as critical. This issue affects some unknown processing of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to SQL injection. The attack...

    Affected Products : quickvcard
    • Published: Jul. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47377

    Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method....

    Affected Products : sim2000_firmware sim2000st
    • Published: Dec. 16, 2022
    • Modified: Apr. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-37265

    CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses...

    Affected Products : casaos casaos-gateway
    • Published: Jul. 17, 2023
    • Modified: Apr. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-47588

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a throu...

    Affected Products : simple_photo_gallery
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-0782

    A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched ...

    Affected Products : ac23_firmware ac23
    • Published: Feb. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47618

    Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in to the administrator page, to manipulate the system or disrupt service....

    • Published: Jan. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-0923

    A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues....

    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293660 Results