Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-27145

    The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vu... Read more

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42563

    An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.... Read more

    Affected Products : erp erp
    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-42566

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42571

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.... Read more

    • Published: Aug. 20, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-23336

    S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.... Read more

    Affected Products : s-cms
    • EPSS Score: %0.26
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42765

    A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 23, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-42782

    A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.... Read more

    Affected Products : music_management_system
    • Published: Aug. 21, 2024
    • Modified: Aug. 23, 2024

  • 9.8

    CRITICAL
    CVE-2019-9585

    eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.... Read more

    • EPSS Score: %0.51
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47122

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • EPSS Score: %0.12
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-4300

    E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database ... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1659

    Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10.... Read more

    Affected Products : megabip
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47208

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-37470

    Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8.... Read more

    Affected Products : woffice
    • Published: Nov. 01, 2024
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-37461

    Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path like `../../../../` which may cause metersphere to attempt to overwrite an existing file in the defined location or to creat... Read more

    Affected Products : metersphere
    • EPSS Score: %0.08
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47359

    Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a through 3.2.2.... Read more

    Affected Products : depicter
    • Published: Nov. 01, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2022-48149

    Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.... Read more

    Affected Products : online_student_admission_system
    • EPSS Score: %0.10
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37522

    HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. ... Read more

    • EPSS Score: %0.14
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9951

    Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerabilit... Read more

    • EPSS Score: %1.33
    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43423

    The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024

  • 9.8

    CRITICAL
    CVE-2022-4719

    Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.... Read more

    Affected Products : rdiffweb
    • EPSS Score: %0.08
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292247 Results