Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-0947

    Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.... Read more

    Affected Products : flatpress
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0961

    A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql ... Read more

    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24276

    TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-8277

    The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function a... Read more

    Affected Products : woocommerce_photo_reviews
    • Published: Sep. 11, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2023-21631

    Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.... Read more

    • Published: Jul. 04, 2023
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-8853

    The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselv... Read more

    Affected Products : webo-facto
    • Published: Sep. 20, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2020-12047

    The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.... Read more

    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12463

    An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML re... Read more

    Affected Products : fortify_software_security_center
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2172

    The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for ... Read more

    Affected Products : web_application_firewall
    • Published: Mar. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28426

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=.... Read more

    Affected Products : baby_care_system
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14760

    SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.... Read more

    Affected Products : event_espresso_lite
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-28439

    Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4.... Read more

    Affected Products : baby_care_system
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28461

    mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.... Read more

    Affected Products : mingyuefusu
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7280

    A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/view_reserved.php. The manipulation of the argument id leads to sql injection. ... Read more

    Affected Products : lot_reservation_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 08, 2024

  • 9.8

    CRITICAL
    CVE-2022-28468

    Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.... Read more

    Affected Products : payroll_management_system
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12265

    The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.... Read more

    Affected Products : decompress
    • Published: Apr. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1097

    Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have b... Read more

    Affected Products : eg7035-m11_firmware eg7035-m11
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2774

    A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injecti... Read more

    • Published: May. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1142

    In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.... Read more

    Affected Products : infrasuite_device_master
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2646

    A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql inje... Read more

    • Published: Mar. 19, 2024
    • Modified: Jan. 30, 2025
Showing 20 of 294283 Results