Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-5519

    The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.... Read more

    Affected Products : openlitespeed
    • EPSS Score: %0.52
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-44071

    SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.... Read more

    Affected Products : seacms
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-39348

    Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0.... Read more

    Affected Products : grand_restaurant
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44192

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-46586

    TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • EPSS Score: %0.12
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-37084

    In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server... Read more

    Affected Products : spring_cloud_data_flow
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28171

    The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.... Read more

    Affected Products : deltaflow
    • EPSS Score: %0.28
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4905

    SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : wp-olivecart olivecart olivecartpro
    • EPSS Score: %1.73
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-52709

    Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object Injection. This issue affects Everest Forms: from n/a through 3.2.2.... Read more

    Affected Products : everest_forms
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-45682

    There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.... Read more

    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024

  • 9.8

    CRITICAL
    CVE-2025-2294

    The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute ... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2021-28173

    The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.... Read more

    Affected Products : deltaflow
    • EPSS Score: %0.75
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3686

    A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. It has been declared as critical. This vulnerability affects unknown code of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The ... Read more

    Affected Products : quickai_openai
    • EPSS Score: %0.04
    • Published: Jul. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27773

    A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.... Read more

    Affected Products : endpoint_manager
    • EPSS Score: %0.57
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-42180

    HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute maliciou... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 12, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-45874

    A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-3464

    A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to ... Read more

    Affected Products : laundry_shop_management_system
    • Published: Apr. 08, 2024
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-37149

    TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %1.45
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37291

    Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This i... Read more

    Affected Products : vitals_enterprise_social_platform
    • EPSS Score: %0.25
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27144

    The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can ... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292247 Results