Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-32002

    Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.... Read more

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26644

    SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is ... Read more

    Affected Products : windows mangboard_wp mang_board
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32019

    Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.... Read more

    Affected Products : car_rental_management_system
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5443

    CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers ... Read more

    Affected Products : lollms
    • Published: Jun. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35760

    bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).... Read more

    Affected Products : bloofoxcms
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5488

    The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site i... Read more

    Affected Products : seopress
    • Published: Jul. 09, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40872

    An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode.... Read more

    Affected Products : simple_e-learning_system
    • Published: Oct. 07, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-2813

    A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-ba... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-55586

    Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-28441

    File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.... Read more

    Affected Products : magicflue
    • Published: Mar. 22, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-3356

    A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/mod_settings/controller.php?action=add. The manipulation o... Read more

    • Published: Apr. 05, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-33567

    Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.... Read more

    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-33835

    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: May. 01, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-3238

    A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62. This issue affects some unknown processing of the file /admin/read.php?mudi=getSignal. The manipulation of the argument signalUrl leads to server-side request forgery. ... Read more

    Affected Products : otcms
    • Published: Jun. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31989

    Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=.... Read more

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2934

    A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injectio... Read more

    Affected Products : todo_list_in_kanban_board
    • Published: Mar. 27, 2024
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-41002

    Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequ... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29873

    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and ex... Read more

    Affected Products : sentrifugo sentrifugo
    • Published: Mar. 21, 2024
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-30221

    Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. ... Read more

    Affected Products : sunshine_photo_cart
    • Published: Mar. 28, 2024
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-30622

    Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function.... Read more

    Affected Products : fh1205_firmware fh1205
    • Published: Mar. 29, 2024
    • Modified: Mar. 13, 2025
Showing 20 of 292795 Results