Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-9982

    AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database c... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2023-26784

    SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter.... Read more

    Affected Products : kirin_fortress_machine
    • EPSS Score: %0.10
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-1852

    A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. T... Read more

    Affected Products : ex1800t_firmware ex1800t
    • Published: Mar. 03, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1872

    SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php.... Read more

    Affected Products : best_online_news_portal
    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0177

    The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthent... Read more

    Affected Products : javo_core
    • Published: Mar. 08, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-7517

    A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /getDay.php. The manipulation of the argument cidval leads to sql injection. T... Read more

    Affected Products : online_appointment_booking_system
    • Published: Jul. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8969

    A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack m... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-0268

    A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender... Read more

    Affected Products : hospital_management_system
    • EPSS Score: %0.18
    • Published: Jan. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28037

    An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>.... Read more

    Affected Products : internment
    • EPSS Score: %0.42
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0294

    A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command inject... Read more

    Affected Products : lr1200gb_firmware lr1200gb
    • EPSS Score: %2.07
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-0536

    A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection.... Read more

    • Published: Jan. 17, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-20681

    In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; ... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-3968

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.... Read more

    Affected Products : imanager
    • Published: May. 15, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-0767

    WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.... Read more

    Affected Products : wp_activity_log
    • Published: Feb. 27, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-0352

    A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The man... Read more

    Affected Products : likeshop
    • EPSS Score: %91.68
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-35854

    Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the ven... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %3.96
    • Published: Jun. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-1144

    School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-1188

    A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql... Read more

    • Published: Feb. 12, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-31224

    There is broken access control during authentication in Jamf Pro Server before 10.46.1.... Read more

    Affected Products : jamf
    • EPSS Score: %0.08
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0492

    A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument... Read more

    Affected Products : billing_software
    • EPSS Score: %0.05
    • Published: Jan. 13, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291794 Results