Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-31349

    The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Techno... Read more

    • EPSS Score: %0.75
    • Published: Oct. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48871

    The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code e... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2023-4488

    The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the exe... Read more

    Affected Products : dropbox_folder_share
    • EPSS Score: %0.48
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4873

    On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a kn... Read more

    • EPSS Score: %8.97
    • Published: Jan. 11, 2023
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-41505

    An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : student_enrollment
    • Published: Mar. 13, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-24657

    Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).... Read more

    Affected Products : goldshell_miner_firmware
    • EPSS Score: %0.38
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24697

    Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject a... Read more

    Affected Products : kylin
    • EPSS Score: %55.95
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-24702

    An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer... Read more

    Affected Products : winaprs
    • EPSS Score: %40.09
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45347

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the data... Read more

    Affected Products : online_food_ordering_script
    • EPSS Score: %0.10
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45467

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.... Read more

    Affected Products : n3m_firmware n3m
    • EPSS Score: %1.14
    • Published: Oct. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4558

    A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staff_data.php. The manipulation of the argument columns[0][data] leads to sql injec... Read more

    • EPSS Score: %0.06
    • Published: Aug. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51405

    Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74. ... Read more

    Affected Products : bookingpress
    • Published: Apr. 24, 2024
    • Modified: Mar. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-29514

    Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    • EPSS Score: %0.57
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4973

    A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/number/address leads to sql injection. The attack can be ini... Read more

    Affected Products : simple_chat_system
    • Published: May. 16, 2024
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-4159

    A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GLOB Command Handler. The manipulation leads to buffer overflow. The attack can be lau... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-40494

    Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet.... Read more

    Affected Products : freecoap
    • Published: Oct. 22, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2020-28140

    SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.... Read more

    Affected Products : online_clothing_store
    • EPSS Score: %0.58
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31649

    In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute... Read more

    Affected Products : jfinal
    • EPSS Score: %0.40
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50488

    An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.... Read more

    • EPSS Score: %0.51
    • Published: Feb. 02, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-24642

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.... Read more

    Affected Products : judging_management_system
    • EPSS Score: %0.07
    • Published: Mar. 03, 2023
    • Modified: Mar. 07, 2025
Showing 20 of 291756 Results