Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-19692

    Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.... Read more

    Affected Products : njs njs
    • Published: Apr. 04, 2023
    • Modified: Aug. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-25722

    qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.... Read more

    Affected Products : qanything
    • Published: Feb. 11, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-25935

    Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. ... Read more

    Affected Products : registrationmagic
    • Published: Apr. 11, 2024
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-31094

    Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. ... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2799

    A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded pas... Read more

    Affected Products : cnoa_oa
    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25826

    Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix th... Read more

    Affected Products : opentsdb
    • Published: May. 03, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-28094

    Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.... Read more

    Affected Products : pega_platform platform
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6840

    A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which cou... Read more

    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-53909

    An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.... Read more

    Affected Products : enterprise_vault
    • Published: Nov. 24, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-53910

    An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.... Read more

    Affected Products : enterprise_vault
    • Published: Nov. 24, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2023-32306

    Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST ... Read more

    Affected Products : time_tracker
    • Published: May. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5519

    A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack c... Read more

    Affected Products : learning_management_system
    • Published: May. 30, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-40887

    SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.... Read more

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-28212

    nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-33435

    Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend func... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3348

    A vulnerability classified as critical has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected is an unknown function of the file booking/index.php. The manipulation of the argument log_email/log_pword leads to sql inj... Read more

    • Published: Apr. 05, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-4093

    SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to repu... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Nov. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3350

    A vulnerability, which was classified as critical, has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file admin/mod_room/index.php. The manipulation of the argum... Read more

    • Published: Apr. 05, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-2879

    The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... Read more

    Affected Products : layerslider layerslider
    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-56327

    pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `py... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024
Showing 20 of 292795 Results