Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-57395

    Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.... Read more

    Affected Products :
    • Published: Jan. 29, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57480

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary comma... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57328

    A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass au... Read more

    Affected Products : online_food_ordering_system
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57590

    TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST ... Read more

    Affected Products : tew-632brp_firmware tew-632brp
    • Published: Jan. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57235

    NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.... Read more

    Affected Products : rax50_firmware rax50
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57098

    Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57229

    NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.... Read more

    Affected Products : rax50_firmware rax50
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57169

    A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.... Read more

    Affected Products : soplanning
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57190

    Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.... Read more

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-56975

    InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.... Read more

    Affected Products : invoiceplane
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-56828

    File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method f... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Jan. 06, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-56897

    Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabli... Read more

    • Published: Feb. 24, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-57032

    WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57035

    WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php.... Read more

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-56521

    An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-56511

    DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.... Read more

    Affected Products : dataease
    • Published: Jan. 10, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-56220

    Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-56325

    Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"co... Read more

    Affected Products : pinot
    • Published: Apr. 01, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-56066

    Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-56337

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time t... Read more

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 20, 2024
    • Modified: Aug. 08, 2025
Showing 20 of 292803 Results