Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-57703

    Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow....

    Affected Products : ac8_firmware ac8
    • Published: Jan. 16, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-57665

    JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering....

    Affected Products : jfinalcms
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57579

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function....

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-57575

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function....

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-57581

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function....

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-57483

    Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function....

    Affected Products : i24_firmware i24
    • Published: Jan. 14, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-57583

    Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function....

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57395

    Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters....

    Affected Products :
    • Published: Jan. 29, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-57480

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary comma...

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-57328

    A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass au...

    Affected Products : online_food_ordering_system
    • Published: Jan. 23, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57590

    TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST ...

    Affected Products : tew-632brp_firmware tew-632brp
    • Published: Jan. 27, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57235

    NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function....

    Affected Products : rax50_firmware rax50
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57098

    Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter....

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57229

    NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function....

    Affected Products : rax50_firmware rax50
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-57169

    A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files....

    Affected Products : soplanning
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-57190

    Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint....

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-56975

    InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller....

    Affected Products : invoiceplane
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-56828

    File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method f...

    Affected Products : chestnutcms chestnutcms
    • Published: Jan. 06, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-56897

    Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabli...

    • Published: Feb. 24, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-57032

    WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field....

    Affected Products : wegia
    • Published: Jan. 17, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication
Showing 20 of 292871 Results