Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-42042

    The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0....

    Affected Products : d8s-networking
    • Published: Oct. 11, 2022
    • Modified: May. 19, 2025
  • 9.8

    CRITICAL
    CVE-2021-42665

    An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication....

    Affected Products : engineers_online_portal
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47862

    Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php....

    Affected Products : lead_management_system
    • Published: Jan. 11, 2023
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2023-3249

    The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possi...

    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32567

    Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236...

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-48284

    A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions....

    Affected Products : hilink_ai_life
    • Published: Feb. 27, 2023
    • Modified: Mar. 11, 2025
  • 9.8

    CRITICAL
    CVE-2022-48479

    The facial recognition TA of some products has an out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service....

    Affected Products : harmonyos
    • Published: May. 26, 2023
    • Modified: Jan. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-48334

    Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow....

    Affected Products : trusted_application
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-43003

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function....

    Affected Products : dir-816_firmware dir-816
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-43103

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function....

    Affected Products : ac23_firmware ac23
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-4880

    A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path tr...

    Affected Products : openutau
    • Published: Jan. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-43262

    Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php....

    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-33362

    Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function....

    Affected Products : piwigo
    • Published: May. 23, 2023
    • Modified: Apr. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-33338

    Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter....

    Affected Products : old_age_home_management_system
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2022-4395

    The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE....

    Affected Products : membership_for_woocommerce
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-44051

    The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1....

    Affected Products : d8s-stats
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2020-14054

    SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page....

    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-44199

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip....

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44371

    hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE)....

    Affected Products : hope-boot
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-34605

    H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /dotrace.asp....

    Affected Products : magic_r200_firmware magic_r200
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293182 Results