Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-21473

    Memory corruption while redirecting log file to any file location with any file name.... Read more

    • Published: Apr. 01, 2024
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-7097

    A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attac... Read more

    Affected Products : water_billing_system
    • EPSS Score: %0.05
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-7127

    A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to sql injection. The exploit has been disclosed to ... Read more

    Affected Products : automated_voting_system
    • EPSS Score: %0.11
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39673

    Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().... Read more

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.12
    • Published: Aug. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39776

    A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : ticket_support_script
    • EPSS Score: %0.12
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48073

    sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2014-8739

    Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for ... Read more

    • EPSS Score: %78.94
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-0446

    There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528... Read more

    Affected Products : android
    • EPSS Score: %0.16
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30461

    A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.... Read more

    Affected Products : voipmonitor
    • EPSS Score: %93.25
    • Published: May. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48659

    An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component.... Read more

    Affected Products :
    • Published: Oct. 21, 2024
    • Modified: Oct. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-2941

    A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass lead... Read more

    Affected Products : online_examination_system
    • Published: Mar. 27, 2024
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48694

    File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48784

    An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-21653

    The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a p... Read more

    Affected Products : vantage6
    • EPSS Score: %0.23
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52439

    Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection.This issue affects Team Rosters: from n/a through 4.6.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45132

    NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. T... Read more

    Affected Products : naxsi
    • EPSS Score: %0.06
    • Published: Oct. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45158

    An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server usi... Read more

    Affected Products : web2py
    • EPSS Score: %15.03
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34371

    Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, lead... Read more

    • EPSS Score: %0.26
    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21764

    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. ... Read more

    Affected Products : rapid_scada
    • EPSS Score: %0.08
    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31349

    The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Techno... Read more

    • EPSS Score: %0.75
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291741 Results