Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-56158

    XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows us... Read more

    Affected Products : xwiki
    • Published: Jun. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55964

    An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create ... Read more

    Affected Products : appsmith
    • Published: Mar. 26, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-55956

    In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.... Read more

    Affected Products : lexicom harmony vltrader
    • Actively Exploited
    • Published: Dec. 13, 2024
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-56000

    Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements allows Privilege Escalation.This issue affects K Elements: from n/a before 5.4.0.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-55564

    The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-55638

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is exploitabl... Read more

    Affected Products : drupal
    • Published: Dec. 10, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-55509

    SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 20, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-55371

    Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authentic... Read more

    Affected Products : wallos
    • Published: Apr. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-55210

    An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.... Read more

    Affected Products : framework_\(linha_protheus\)
    • Published: Apr. 09, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-55225

    An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.... Read more

    Affected Products : vaultwarden
    • Published: Jan. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-55062

    Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55215

    An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.... Read more

    Affected Products : trojan
    • Published: Feb. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-55875

    http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-55028

    A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file.... Read more

    Affected Products : fprime
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55194

    OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.... Read more

    Affected Products : openimageio
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-54923

    A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-54920

    A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id par... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-54809

    Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specia... Read more

    Affected Products : wnr854t_firmware wnr854t
    • Published: Mar. 31, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-54921

    A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parame... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-54807

    In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can ... Read more

    Affected Products : wnr854t_firmware wnr854t
    • Published: Mar. 31, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection
Showing 20 of 292801 Results