Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10732

    A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to sql inje... Read more

    • Published: Nov. 03, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10764

    A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to... Read more

    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-10735

    A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. T... Read more

    Affected Products : life_insurance_management_system
    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-0883

    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injecti... Read more

    • EPSS Score: %0.05
    • Published: Jan. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41702

    SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Read more

    Affected Products : siberiancms
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0473

    A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the atta... Read more

    Affected Products : dormitory_management_system
    • EPSS Score: %0.05
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51052

    S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.... Read more

    Affected Products : s-cms
    • EPSS Score: %0.12
    • Published: Dec. 21, 2023
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2025-3330

    A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. This vulnerability affects unknown code of the file /reservation_save.php. The manipulation of the argument first leads to sql injection. The attack ... Read more

    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-33859

    A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical syste... Read more

    • EPSS Score: %0.17
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11101

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2025-0960

    AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-4309

    A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-art-type.php. The manipulation of the argument arttype leads to sql injec... Read more

    Affected Products : art_gallery_management_system
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-0481

    A vulnerability was found in Taokeyun up to 1.0.5. It has been rated as critical. Affected by this issue is the function shopGoods of the file application/index/controller/app/store/Goods.php of the component HTTP POST Request Handler. The manipulation of... Read more

    Affected Products : taokeyun
    • EPSS Score: %0.05
    • Published: Jan. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33496

    xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.... Read more

    Affected Products : xxl-rpc
    • EPSS Score: %0.10
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-3829

    A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injecti... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4508

    A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /my-profile.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated r... Read more

    Affected Products : e-diary_management_system
    • Published: May. 10, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-43974

    MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.... Read more

    Affected Products : matrixssl
    • EPSS Score: %8.72
    • Published: Jan. 09, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-11256

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may ... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11320

    Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4... Read more

    Affected Products : pandora_fms
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2025-4632

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.... Read more

    Affected Products : magicinfo_9_server
    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291812 Results