Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11967

    A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possib... Read more

    Affected Products : complaint_management_system
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2023-34399

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-45712

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function.... Read more

    Affected Products : m50_firmware m50
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2019-18572

    The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication.... Read more

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27063

    Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted ... Read more

    Affected Products : w15e_firmware w15e
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-45010

    Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.... Read more

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-45717

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request.... Read more

    Affected Products : m50_firmware m50
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2014-7175

    FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.... Read more

    • Published: Jun. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39453

    A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to trigger this vulnerability.... Read more

    Affected Products : imagegear
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34800

    D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.... Read more

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • Published: Jun. 15, 2023
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-40393

    Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php.... Read more

    Affected Products : online_clinic_management_system
    • Published: Jul. 16, 2024
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-1228

    Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before vers... Read more

    Affected Products : przychodnia
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-39375

    TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges.... Read more

    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9010

    An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGate... Read more

    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-40502

    SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx... Read more

    • Published: Jul. 22, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-40524

    Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component.... Read more

    Affected Products :
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43956

    Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34.... Read more

    Affected Products : memberpress
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2023-39641

    Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent().... Read more

    Affected Products : full_affiliates
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45173

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker c... Read more

    Affected Products : vdesk
    • Published: Apr. 14, 2023
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-39661

    An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.... Read more

    Affected Products : pandasai
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results