Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-45709

    IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.... Read more

    Affected Products : m50_firmware m50
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-35813

    Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.... Read more

    • Published: Jun. 17, 2023
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2023-35782

    The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.... Read more

    Affected Products : ipandlanguageredirect
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2707

    A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with ... Read more

    • Published: Aug. 08, 2022
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2022-27140

    An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misu... Read more

    Affected Products : express-fileupload
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-25513

    Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.... Read more

    Affected Products : seacms
    • Published: Feb. 24, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-44410

    D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.... Read more

    Affected Products : di-8300_firmware di-8300
    • Published: Sep. 09, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-44466

    COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.... Read more

    Affected Products : cf-xr11_firmware cf-xr11
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-12940

    A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. The manipulation of the argument student_id leads to sql i... Read more

    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-12981

    A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to s... Read more

    Affected Products : car_rental_system
    • Published: Dec. 27, 2024
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-48654

    One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset function... Read more

    Affected Products : password_manager
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13003

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to sql injection. T... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 29, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-2723

    A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possi... Read more

    • Published: Aug. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13035

    A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated... Read more

    Affected Products : chat_system chat_system chat_system
    • Published: Dec. 30, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2020-27678

    An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.... Read more

    Affected Products : smartos omnios illumos
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27263

    An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.... Read more

    Affected Products : strapi
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48685

    Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more

    Affected Products : railway_reservation_system
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-28100

    A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.... Read more

    Affected Products : dingfanzu
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-26210

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerabilit... Read more

    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41368

    RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php... Read more

    Affected Products : phoniebox
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024
Showing 20 of 293354 Results