Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2019-7587 (CVSS 9.8, CRITICAL)

    Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function....

    Affected Products: bw
    • EPSS Score: 0.26%
    • Published: Feb. 07, 2019
    • Modified: Nov. 21, 2024
  • CVE-2024-25626 (CVSS 9.8, CRITICAL)

    Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Project's BitBake before 2.6.2 (up to and including Yocto Project 4.3.1), with the Toaster serve...

    Affected Products: yocto
    • Published: Feb. 19, 2024
    • Modified: Feb. 03, 2025
  • CVE-2024-25730 (CVSS 9.8, CRITICAL)

    Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities)....

    • Published: Feb. 23, 2024
    • Modified: May 05, 2025
  • CVE-2024-30223 (CVSS 9.8, CRITICAL)

    Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26. ...

    Affected Products: armember
    • Published: Mar. 28, 2024
    • Modified: May 29, 2025
  • CVE-2024-4914 (CVSS 9.8, CRITICAL)

    A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. This issue affects some unknown processing of the file ranking-exam.php. The manipulation of the argument exam_id leads to sql injection. The att...

    Affected Products: online_examination_system
    • Published: May 15, 2024
    • Modified: Feb. 21, 2025
  • CVE-2022-0949 (CVSS 9.8, CRITICAL)

    The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX ...

    Affected Products: block_and_stop_bad_bots stopbadbots
    • EPSS Score: 69.08%
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • CVE-2019-7644 (CVSS 9.8, CRITICAL)

    Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be acc...

    Affected Products: auth0-wcf-service-jwt
    • EPSS Score: 0.52%
    • Published: Apr. 11, 2019
    • Modified: Nov. 21, 2024
  • CVE-2024-30538 (CVSS 9.8, CRITICAL)

    Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO. This issue affects DELUCKS SEO: from n/a through 2.5.4....

    Affected Products: delucks_seo
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024
  • CVE-2024-30587 (CVSS 9.8, CRITICAL)

    Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function....

    Affected Products: fh1202_firmware fh1202
    • Published: Mar. 28, 2024
    • Modified: Mar. 13, 2025
  • CVE-2024-1781 (CVSS 9.8, CRITICAL)

    A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. Th...

    Affected Products: x6000r_firmware x6000r
    • Published: Feb. 23, 2024
    • Modified: Apr. 01, 2025
  • CVE-2024-30998 (CVSS 9.8, CRITICAL)

    SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component....

    Affected Products: men_salon_management_system
    • Published: Apr. 03, 2024
    • Modified: Apr. 08, 2025
  • CVE-2023-31985 (CVSS 9.8, CRITICAL)

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations....

    Affected Products: br-6428ns_firmware br-6428ns
    • EPSS Score: 0.36%
    • Published: May 12, 2023
    • Modified: Jan. 24, 2025
  • CVE-2022-32002 (CVSS 9.8, CRITICAL)

    Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=....

    • EPSS Score: 0.25%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-26621 (CVSS 9.8, CRITICAL)

    A Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function....

    Affected Products: mex01_firmware mex01
    • EPSS Score: 3.31%
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • CVE-2021-26644 (CVSS 9.8, CRITICAL)

    SQL Injection vulnerability caused by the lack of verification of input values for the table name of the DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is ...

    Affected Products: windows mangboard_wp mang_board
    • EPSS Score: 1.15%
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024
  • CVE-2022-32019 (CVSS 9.8, CRITICAL)

    Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car....

    Affected Products: car_rental_management_system
    • EPSS Score: 3.38%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • CVE-2024-5443 (CVSS 9.8, CRITICAL)

    CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers ...

    Affected Products: lollms
    • Published: Jun. 22, 2024
    • Modified: Nov. 21, 2024
  • CVE-2022-40824 (CVSS 9.8, CRITICAL)

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability....

    Affected Products: codeigniter
    • EPSS Score: 0.08%
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024
  • CVE-2020-35760 (CVSS 9.8, CRITICAL)

    bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files)....

    Affected Products: bloofoxcms
    • EPSS Score: 1.34%
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024
  • CVE-2024-5488 (CVSS 9.8, CRITICAL)

    The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site i...

    Affected Products: seopress
    • Published: Jul. 09, 2024
    • Modified: May 21, 2025
Showing 20 of 291712 Results