Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-27052

    E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php.... Read more

    Affected Products : moosikay
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2020-21806

    SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php..... Read more

    Affected Products : ectouch
    • Published: Jul. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41840

    Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.... Read more

    • Published: Nov. 18, 2022
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-36727

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php.... Read more

    Affected Products : library_management_system
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36734

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.... Read more

    Affected Products : library_management_system
    • Published: Aug. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41991

    A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to tri... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42165

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-27720

    D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.... Read more

    Affected Products : dir-878_firmware dir-878
    • Published: Apr. 09, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-42168

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-27849

    rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.... Read more

    Affected Products : rails-routes-to-json
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-37070

    H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.... Read more

    Affected Products : gr-1200w_firmware gr-1200w
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22226

    Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.... Read more

    Affected Products : fundraising_script
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28424

    Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, ... Read more

    Affected Products : soko
    • Published: Mar. 20, 2023
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-38296

    Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.... Read more

    Affected Products : cuppacms
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43672

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.... Read more

    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-38828

    TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi... Read more

    Affected Products : t6_firmware t6
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38880

    The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.... Read more

    Affected Products : democritus_urls
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41100

    Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-live... Read more

    Affected Products : wire wire-server
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44188

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2020-23790

    An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.... Read more

    Affected Products : golo
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293605 Results