Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-1268

    A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...

    Affected Products : restaurant_pos_system
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-30054

    TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2023
    • Modified: Jan. 29, 2025
  • 9.8

    CRITICAL
    CVE-2023-43519

    Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

    • Published: Feb. 06, 2024
    • Modified: Aug. 11, 2025
  • 9.8

    CRITICAL
    CVE-2022-45699

    Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.

    Affected Products : ecu-r_firmware ecu-r
    • Published: Feb. 10, 2023
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-45709

    IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.

    Affected Products : m50_firmware m50
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025
  • 9.8

    CRITICAL
    CVE-2023-35813

    Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.

    • Published: Jun. 17, 2023
    • Modified: Dec. 17, 2024
  • 9.8

    CRITICAL
    CVE-2023-35782

    The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.

    Affected Products : ipandlanguageredirect
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-2707

    A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with ...

    • Published: Aug. 08, 2022
    • Modified: Dec. 12, 2024
  • 9.8

    CRITICAL
    CVE-2022-27140

    An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misu...

    Affected Products : express-fileupload
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-25513

    Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.

    Affected Products : seacms
    • Published: Feb. 24, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-44410

    D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.

    Affected Products : di-8300_firmware di-8300
    • Published: Sep. 09, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2024-44466

    COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.

    Affected Products : cf-xr11_firmware cf-xr11
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-12940

    A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. The manipulation of the argument student_id leads to sql i...

    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-12981

    A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to s...

    Affected Products : car_rental_system
    • Published: Dec. 27, 2024
    • Modified: Mar. 05, 2025
  • 9.8

    CRITICAL
    CVE-2023-48654

    One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset function...

    Affected Products : password_manager
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-13003

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to sql injection. T...

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 29, 2024
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-2723

    A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possi...

    • Published: Aug. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-13035

    A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...

    Affected Products : chat_system chat_system chat_system
    • Published: Dec. 30, 2024
    • Modified: Jan. 06, 2025
  • 9.8

    CRITICAL
    CVE-2020-27678

    An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.

    Affected Products : smartos omnios illumos
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-27263

    An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.

    Affected Products : strapi
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294276 Results