Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-3146

    A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It ... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-31295

    An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2023-3143

    A vulnerability classified as problematic has been found in SourceCodester Online Discussion Forum Site 1.0. Affected is an unknown function of the file admin\posts\manage_post.php. The manipulation of the argument content leads to cross site scripting. I... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3147

    A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\view_category.php. The manipulation of the argument id leads to sql injectio... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3148

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects some unknown processing of the file admin\posts\manage_post.php. The manipulation of the argument id leads to sql injection. The at... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2020-23935

    Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".... Read more

    • Published: Aug. 20, 2020
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-29309

    mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.... Read more

    Affected Products : mysiteforme mysiteforme
    • Published: May. 24, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3151

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\manage_user.php. The manipulation of the argument id leads to sql injection.... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-31911

    Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-31294

    An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.... Read more

    • Published: Jun. 16, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3152

    A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack re... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2021-46027

    mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added... Read more

    Affected Products : mysiteforme mysiteforme
    • Published: Jan. 19, 2022
    • Modified: Apr. 22, 2025

  • 10.0

    HIGH
    CVE-2013-4813

    The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.... Read more

    • Published: Sep. 16, 2013
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2013-4809

    Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.... Read more

    • Published: Sep. 16, 2013
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2023-3150

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file posts\manage_post.php. The manipulation of the argument id leads to sql ... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2023-3144

    A vulnerability classified as problematic was found in SourceCodester Online Discussion Forum Site 1.0. Affected by this vulnerability is an unknown functionality of the file admin\posts\manage_post.php. The manipulation of the argument title leads to cro... Read more

    • Published: Jun. 07, 2023
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2024-25854

    Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.... Read more

    Affected Products : insurance_management_system
    • Published: Mar. 11, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-50609

    An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length ... Read more

    Affected Products : fluent_bit
    • Published: Feb. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2024-2155

    A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be in... Read more

    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2024-49744

    In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 293510 Results