Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-22901

    Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials....

    Affected Products : vinchin_backup_and_recovery
    • EPSS Score: %0.11
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-44004

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6....

    Affected Products : track_\&_trace
    • Published: Sep. 17, 2024
    • Modified: Sep. 24, 2024
  • 9.8

    CRITICAL
    CVE-2022-38488

    logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter....

    Affected Products : logrocket-oauth2-example
    • EPSS Score: %6.81
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-2139

    The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code....

    Affected Products : iview
    • EPSS Score: %0.24
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-45169

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D...

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Aug. 22, 2024
  • 9.8

    CRITICAL
    CVE-2023-27574

    ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS....

    Affected Products : shadowsocksx-ng
    • EPSS Score: %0.08
    • Published: Mar. 03, 2023
    • Modified: Mar. 06, 2025
  • 9.8

    CRITICAL
    CVE-2024-24004

    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct ...

    Affected Products : jsherp
    • EPSS Score: %0.12
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24018

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...

    Affected Products : novel-plus
    • EPSS Score: %0.08
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24332

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function....

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %2.74
    • Published: Jan. 30, 2024
    • Modified: May. 30, 2025
  • 9.8

    CRITICAL
    CVE-2017-8837

    Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of thes...

    • EPSS Score: %11.03
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-7099

    A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to...

    • EPSS Score: %0.04
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-7111

    A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch ...

    Affected Products : library_management_system
    • EPSS Score: %0.05
    • Published: Dec. 26, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25019

    IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system ...

    Affected Products : cognos_controller
    • Published: Dec. 03, 2024
    • Modified: Dec. 11, 2024
  • 9.8

    CRITICAL
    CVE-2023-27648

    Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage....

    Affected Products : change_color_of_keypad
    • EPSS Score: %2.69
    • Published: Apr. 14, 2023
    • Modified: Feb. 10, 2025
  • 9.8

    CRITICAL
    CVE-2022-38999

    The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability....

    Affected Products : emui harmonyos
    • EPSS Score: %0.16
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-3900

    The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability....

    Affected Products : cooked
    • EPSS Score: %27.34
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2024-25400

    Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, an...

    Affected Products : subrion
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-26096

    Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker....

    Affected Products : android dex
    • EPSS Score: %0.38
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-41745

    ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions....

    Affected Products : showdoc
    • EPSS Score: %0.33
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25995

    An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform a DoS due to improper input validation....

    • Published: Mar. 12, 2024
    • Modified: Jan. 30, 2025
Showing 20 of 291722 Results