Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-51494

    Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1.... Read more

    Affected Products : product_vendors product_vendors
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-36264

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils... Read more

    Affected Products : submarine
    • Published: Jun. 12, 2024
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-38294

    ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.... Read more

    Affected Products : alcasar
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-2456

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated atta... Read more

    Affected Products : business_intelligence
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36033

    SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php.... Read more

    Affected Products : water_billing_system
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45832

    Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3.... Read more

    Affected Products : attorney
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-17440

    An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could ... Read more

    Affected Products : central_wifimanager
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38540

    The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information di... Read more

    Affected Products : airflow
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6457

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter... Read more

    • Published: Jul. 16, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-40704

    The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting... Read more

    Affected Products : vue_pacs
    • Published: Jul. 18, 2024
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-28698

    Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component.... Read more

    Affected Products :
    • Published: Jul. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26794

    Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows attacker to execute arbitrary code via crafted php file.... Read more

    Affected Products : frogcms
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7362

    A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0. This issue affects some unknown processing of the file /manage_user.php. The manipulation of the argument id leads to sql inject... Read more

    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024

  • 9.8

    CRITICAL
    CVE-2021-41075

    The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.... Read more

    Affected Products : manageengine_opmanager
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7462

    A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to init... Read more

    Affected Products : n350rt_firmware n350rt
    • Published: Aug. 05, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2025-58462

    OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10159

    An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-57633

    A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftp_file parameter and execut... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-55050

    CWE-1242: Inclusion of Undocumented Features... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-55232

    Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : microsoft_hpc_pack_2019
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
Showing 20 of 293367 Results