Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-24431

    All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization.... Read more

    Affected Products : abacus-ext-cmdline
    • Published: Dec. 21, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-39651

    Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versi... Read more

    Affected Products : theme_volty_cms_brandlist
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4447

    A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remo... Read more

    Affected Products : rapidcms
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39681

    Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.... Read more

    Affected Products : cuppacms
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000641

    YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.... Read more

    Affected Products : yeswiki
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39749

    D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request.... Read more

    Affected Products : dap-2660_firmware dap-2660
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-3973

    A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument mobnumber leads to sql injection. It is po... Read more

    Affected Products : covid19_testing_management_system
    • Published: Apr. 27, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-48168

    A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.... Read more

    Affected Products : dcs-960l_firmware dcs-960l
    • Published: Oct. 14, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-48204

    SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products :
    • Published: Oct. 25, 2024
    • Modified: Oct. 28, 2024

  • 9.8

    CRITICAL
    CVE-2024-48406

    Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c.... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-52274

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-45046

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3. ... Read more

    Affected Products : pressference_exporter
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52433

    Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2.... Read more

    Affected Products : my_geo_posts_free
    • Published: Nov. 18, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-4006

    Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.... Read more

    Affected Products : phpmyfaq
    • Published: Jul. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5335

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store... Read more

    Affected Products : ultimate_store_kit
    • Published: Aug. 21, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-49716

    In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. ... Read more

    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-49318

    Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-45334

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database... Read more

    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52765

    H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.... Read more

    Affected Products : gr-1800ax_firmware gr-1800ax
    • Published: Nov. 20, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-22212

    Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended... Read more

    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293304 Results