Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-44796

    An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a functio...

    Affected Products : object_first ootbi
    • EPSS Score: 0.36%
    • Published: Nov. 07, 2022
    • Modified: Jun. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-11966

    A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may b...

    Affected Products : complaint_management_system
    • Published: Nov. 28, 2024
    • Modified: Dec. 04, 2024
  • 9.8

    CRITICAL
    CVE-2025-5602

    A vulnerability, which was classified as critical, was found in Campcodes Hospital Management System 1.0. Affected is an unknown function of the file /admin/registration.php. The manipulation of the argument full_name leads to sql injection. It is possibl...

    Affected Products : online_hospital_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-5701

    The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it...

    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
  • 9.8

    CRITICAL
    CVE-2025-7475

    A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack re...

    • Published: Jul. 12, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2022-45711

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function....

    Affected Products : m50_firmware m50
    • EPSS Score: 37.67%
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025
  • 9.8

    CRITICAL
    CVE-2023-34545

    A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL....

    Affected Products : cszcms
    • EPSS Score: 0.29%
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-45026

    An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process....

    Affected Products : markdown_preview_enhanced
    • EPSS Score: 0.12%
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-22553

    Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to pa...

    Affected Products : emc_appsync appsync
    • EPSS Score: 0.46%
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-43689

    Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed....

    • Published: Oct. 21, 2024
    • Modified: Nov. 26, 2024
  • 9.8

    CRITICAL
    CVE-2025-6897

    A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has b...

    Affected Products : di-7300g+_firmware di-7300g+
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-21396

    Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network....

    Affected Products : account micrososft_account
    • Published: Jan. 29, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-7411

    A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /success.php. The manipulation of the argument ID leads to sql injection. The attack c...

    Affected Products : lifestyle_store
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-34750

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit....

    Affected Products : macos bloofoxcms
    • EPSS Score: 0.40%
    • Published: Jun. 14, 2023
    • Modified: Jan. 02, 2025
  • 9.8

    CRITICAL
    CVE-2024-40415

    A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow....

    Affected Products : ax1806_firmware ax1806
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-40493

    Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_p...

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Oct. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-40539

    my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user....

    Affected Products : my-springsecurity-plus
    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-45182

    Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter....

    Affected Products : pi-star_digital_voice_dashboard
    • EPSS Score: 0.44%
    • Published: Nov. 11, 2022
    • Modified: May. 01, 2025
  • 9.8

    CRITICAL
    CVE-2023-39649

    Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection...

    Affected Products : theme_volty_cms_category_slider
    • EPSS Score: 0.07%
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-39647

    Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL inject...

    Affected Products : theme_volty_cms_category_product
    • EPSS Score: 0.07%
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292247 Results