Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-35339

    Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.... Read more

    Affected Products : fh1206_firmware fh1206
    • Published: May. 24, 2024
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-28962

    Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.... Read more

    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46314

    A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whet... Read more

    Affected Products : dir-846_firmware dir-846
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9845

    Etherpad Lite before 1.6.4 is exploitable for admin access.... Read more

    Affected Products : etherpad_lite
    • Published: Apr. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4666

    The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE... Read more

    Affected Products : form_maker
    • Published: Oct. 16, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-24142

    Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.... Read more

    Affected Products : school_task_manager
    • Published: Feb. 13, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2021-40036

    The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.... Read more

    Affected Products : harmonyos
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5756

    The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insuffi... Read more

    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48266

    The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.... Read more

    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12889

    MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.... Read more

    Affected Products : misp-maltego
    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50422

    SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an ... Read more

    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24782

    Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.... Read more

    Affected Products : funadmin
    • Published: Mar. 08, 2023
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2019-15000

    The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the f... Read more

    • Published: Sep. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15012

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The man... Read more

    Affected Products : mobile_software_development_kit
    • Published: Jan. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1848

    A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to... Read more

    Affected Products : online_payroll_system
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0778

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the ar... Read more

    Affected Products : isc_2500-s_firmware isc_2500-s
    • Published: Jan. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24051

    A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.... Read more

    Affected Products : ac21000_g6_firmware ac21000_g6
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1863

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06. ... Read more

    • Published: Apr. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-32671

    Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.... Read more

    Affected Products : escargot
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50987

    Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.... Read more

    Affected Products : i29_firmware i29
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results