Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-25730

    Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).... Read more

    • Published: Feb. 23, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-30223

    Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. ... Read more

    Affected Products : armember
    • Published: Mar. 28, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-4914

    A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. This issue affects some unknown processing of the file ranking-exam.php. The manipulation of the argument exam_id leads to sql injection. The att... Read more

    Affected Products : online_examination_system
    • Published: May. 15, 2024
    • Modified: Feb. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-0949

    The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX ... Read more

    Affected Products : block_and_stop_bad_bots stopbadbots
    • EPSS Score: %69.08
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-7644

    Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be acc... Read more

    Affected Products : auth0-wcf-service-jwt
    • EPSS Score: %0.52
    • Published: Apr. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-30538

    Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through 2.5.4.... Read more

    Affected Products : delucks_seo
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-30587

    Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 28, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-1781

    A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. Th... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Feb. 23, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-30998

    SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 03, 2024
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-31985

    A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.... Read more

    Affected Products : br-6428ns_firmware br-6428ns
    • EPSS Score: %0.36
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-32002

    Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.... Read more

    • EPSS Score: %0.25
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26621

    An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function.... Read more

    Affected Products : mex01_firmware mex01
    • EPSS Score: %3.31
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26644

    SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is ... Read more

    Affected Products : windows mangboard_wp mang_board
    • EPSS Score: %1.15
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32019

    Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.... Read more

    Affected Products : car_rental_management_system
    • EPSS Score: %3.38
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5443

    CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers ... Read more

    Affected Products : lollms
    • Published: Jun. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40824

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • EPSS Score: %0.08
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35760

    bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).... Read more

    Affected Products : bloofoxcms
    • EPSS Score: %1.34
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5488

    The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site i... Read more

    Affected Products : seopress
    • Published: Jul. 09, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40872

    An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode.... Read more

    Affected Products : simple_e-learning_system
    • EPSS Score: %0.08
    • Published: Oct. 07, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-2813

    A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-ba... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results