Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-31913

    Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2021-33371

    A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.... Read more

    • Published: Jul. 28, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2021-45003

    Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.... Read more

    • Published: Jan. 10, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-3008

    A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack... Read more

    • Published: May. 31, 2023
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-3007

    A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argum... Read more

    • Published: May. 31, 2023
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3149

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is pos... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3145

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument usern... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3146

    A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It ... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-31295

    An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2023-3143

    A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. I... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3147

    A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injectio... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3148

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects some unknown processing of the file admin\posts\manage_post.php. The manipulation of the argument id leads to sql injection. The at... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2020-23935

    Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".... Read more

    • Published: Aug. 20, 2020
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-29309

    mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.... Read more

    Affected Products : mysiteforme mysiteforme
    • Published: May. 24, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3151

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\manage_user.php. The manipulation of the argument id leads to sql injection.... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-31911

    Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-31294

    An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3152

    A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack re... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2021-46027

    mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added... Read more

    Affected Products : mysiteforme mysiteforme
    • Published: Jan. 19, 2022
    • Modified: Apr. 22, 2025

  • 10.0

    HIGH
    CVE-2013-4813

    The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.... Read more

    • Published: Sep. 16, 2013
    • Modified: Apr. 22, 2025
Showing 20 of 293508 Results