Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-2282

    A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to s... Read more

    Affected Products : automated-mess-management-system
    • Published: Mar. 08, 2024
    • Modified: Mar. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-0631

    Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.... Read more

    Affected Products : mruby
    • EPSS Score: %0.27
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0529

    A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the arg... Read more

    Affected Products : post-office
    • EPSS Score: %0.05
    • Published: Jan. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28011

    Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200H... Read more

    Affected Products : aterm_wr9500n_firmware
    • Published: Mar. 28, 2024
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2009-0947

    Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.... Read more

    Affected Products : files
    • EPSS Score: %0.39
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26228

    SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.... Read more

    Affected Products : casap_automated_enrollment_system
    • EPSS Score: %0.62
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40050

    ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.... Read more

    Affected Products : zfile
    • EPSS Score: %0.13
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40145

    This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialCon... Read more

    Affected Products : karaf
    • EPSS Score: %1.58
    • Published: Dec. 21, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-23759

    Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.... Read more

    Affected Products : gambio
    • EPSS Score: %64.42
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-2851

    A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24023

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.... Read more

    Affected Products : novel-plus
    • EPSS Score: %0.07
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35276

    EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.... Read more

    Affected Products : ecm_address_book
    • EPSS Score: %0.32
    • Published: Dec. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24757

    open-irs is an issue response robot that reponds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets. ... Read more

    Affected Products : open-irs
    • EPSS Score: %0.09
    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5065

    A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch ... Read more

    Affected Products : online_course_registration_system
    • Published: May. 17, 2024
    • Modified: Mar. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-29661

    A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload.... Read more

    Affected Products : dedecms
    • Published: Apr. 22, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-5116

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The... Read more

    Affected Products : online_examination_system
    • Published: May. 20, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-51431

    LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.... Read more

    Affected Products : bl-wr1300h_firmware bl-wr1300h
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-5147

    The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include an... Read more

    • Published: May. 22, 2024
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-21167

    All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has... Read more

    Affected Products : masuit.tools
    • EPSS Score: %0.86
    • Published: May. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40425

    The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-html
    • EPSS Score: %0.14
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results