Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-30261

    Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.... Read more

    Affected Products : openwb
    • EPSS Score: %53.69
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3435

    The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.... Read more

    Affected Products : user_activity_log
    • EPSS Score: %0.34
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7350

    The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging... Read more

    Affected Products : bookingpress
    • Published: Aug. 08, 2024
    • Modified: Aug. 08, 2024

  • 9.8

    CRITICAL
    CVE-2023-6885

    A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql inje... Read more

    Affected Products : tongda_office_anywhere
    • EPSS Score: %0.06
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6902

    A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. This vulnerability affects unknown code of the file /file-manager/upload.php. The manipulation of the argument file leads to unrestricted upload. The expl... Read more

    Affected Products : stupid_simple_cms
    • EPSS Score: %0.08
    • Published: Dec. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7311

    A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may b... Read more

    Affected Products : online_bus_reservation_site
    • Published: Jul. 31, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2023-6895

    A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the in... Read more

    • EPSS Score: %92.12
    • Published: Dec. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7641

    A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file deactivate_act.php. The manipulation of the argument id leads to sql injection. I... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-7798

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The ... Read more

    Affected Products : simple_online_bidding_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2023-6972

    The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it po... Read more

    Affected Products : backup_migration
    • EPSS Score: %3.77
    • Published: Dec. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-30865

    netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php.... Read more

    Affected Products : ns-asg_firmware ns-asg
    • Published: Apr. 01, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-3457

    A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the att... Read more

    Affected Products : shopping_website
    • EPSS Score: %0.07
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34581

    Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2... Read more

    • EPSS Score: %0.27
    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34598

    Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.... Read more

    Affected Products : gibbon
    • EPSS Score: %90.83
    • Published: Jun. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27698

    RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.... Read more

    Affected Products : riot
    • EPSS Score: %0.46
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34601

    Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.... Read more

    Affected Products : jeesite
    • EPSS Score: %0.06
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9924

    The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently .... Read more

    Affected Products : oaklouds_portal
    • Published: Oct. 14, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2022-42120

    A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute... Read more

    Affected Products : liferay_portal dxp
    • EPSS Score: %0.29
    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9972

    Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-40416

    A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results