Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-1219

    Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.... Read more

    Affected Products : garoon
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16614

    SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.... Read more

    Affected Products : tpshop
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-11435

    The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The ro... Read more

    Affected Products : hg100r_firmware hg100r
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-20439

    Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.... Read more

    Affected Products : dpc3928sl_firmware dpc3928sl
    • Published: Dec. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20818

    A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.... Read more

    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15946

    In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.... Read more

    Affected Products : tag_meta
    • Published: Oct. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-20596

    Jspxcms v9.0.0 allows SSRF.... Read more

    Affected Products : jspxcms
    • Published: Dec. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-2404

    SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.... Read more

    Affected Products : disclosure_management
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-25026

    An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.... Read more

    Affected Products : actix-web
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17111

    Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.... Read more

    Affected Products : posty_readymade_classifieds
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6187

    Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.... Read more

    Affected Products : disksavvy_enterprise
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6199

    A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.... Read more

    Affected Products : sandstorm
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17415

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseSta... Read more

    Affected Products : netvault_backup
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17586

    FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.... Read more

    Affected Products : olx_clone
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17609

    Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.... Read more

    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17616

    Event Search Script 1.0 has SQL Injection via the /event-list city parameter.... Read more

    Affected Products : event_calendar_category_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17627

    Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.... Read more

    Affected Products : readymade_video_sharing_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17731

    DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.... Read more

    Affected Products : dedecms
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17875

    The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.... Read more

    Affected Products : jextn_faq_pro
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17931

    PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.... Read more

    Affected Products : resume_clone_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293350 Results