Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-6745

    A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql inject... Read more

    Affected Products : simple_ticket_booking
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-39225

    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code ... Read more

    • Published: Aug. 06, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-3948

    A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unr... Read more

    Affected Products : library_system
    • Published: Apr. 18, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-6012

    An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire inf... Read more

    Affected Products : onsafe_monitorhm
    • Published: Nov. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-39622

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.... Read more

    Affected Products : listingpro
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2017-9453

    BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.... Read more

    Affected Products : server_automation
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6049

    The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog... Read more

    Affected Products : estatik
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-54925

    A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-54984

    An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-41652

    Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.... Read more

    Affected Products : quiz_and_survey_master
    • Published: Nov. 18, 2022
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41711

    Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.... Read more

    Affected Products : badaso
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-33734

    BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php.... Read more

    Affected Products : bluecms bluecms
    • Published: May. 30, 2023
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2021-27362

    The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code.... Read more

    Affected Products : irfanview wpg
    • Published: Feb. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6414

    A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially... Read more

    Affected Products : voovi
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7583

    A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. Th... Read more

    Affected Products : i22_firmware i22
    • Published: Aug. 07, 2024
    • Modified: Aug. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-7585

    A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads t... Read more

    Affected Products : i22_firmware i22
    • Published: Aug. 07, 2024
    • Modified: Sep. 11, 2024

  • 9.8

    CRITICAL
    CVE-2021-27417

    eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflo... Read more

    Affected Products : ecospro
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23898

    MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.... Read more

    Affected Products : mcms
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6042

    A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. T... Read more

    Affected Products : real_estate_management_system
    • Published: Jun. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8130

    A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240... Read more

    • Published: Aug. 24, 2024
    • Modified: Aug. 27, 2024
Showing 20 of 294283 Results