Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10420

    A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the file /marimar/guest/update.php. The manipulation of the argument image leads to unrestricted upload. It is p... Read more

    Affected Products : attendance_and_payroll_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2017-8307

    In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Ava... Read more

    Affected Products : antivirus
    • EPSS Score: %0.99
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-10456

    Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.... Read more

    Affected Products : infrasuite_device_master
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10601

    A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repea... Read more

    • Published: Oct. 31, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2023-30869

    Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1.... Read more

    • EPSS Score: %0.11
    • Published: May. 02, 2023
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-1112

    Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.... Read more

    Affected Products : resource_hacker
    • EPSS Score: %38.85
    • Published: Jan. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36972

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a ... Read more

    Affected Products : avalanche
    • EPSS Score: %2.07
    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36986

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary command... Read more

    • EPSS Score: %0.75
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5918

    A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch... Read more

    Affected Products : visitor_management_system
    • EPSS Score: %0.06
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37003

    The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.24
    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6084

    A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. The expl... Read more

    Affected Products : tongda_office_anywhere
    • EPSS Score: %0.06
    • Published: Nov. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6232

    Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive o... Read more

    • EPSS Score: %0.43
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3100

    A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been discl... Read more

    Affected Products : ibos
    • EPSS Score: %0.05
    • Published: Jun. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6316

    The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upl... Read more

    Affected Products : mw_wp_form mw_wp_form
    • EPSS Score: %8.27
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26261

    In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.... Read more

    Affected Products : waap_cloud waap_gateway
    • EPSS Score: %0.02
    • Published: Mar. 08, 2023
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-6415

    A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted... Read more

    Affected Products : voovi
    • EPSS Score: %0.20
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6617

    A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit... Read more

    Affected Products : simple_student_attendance_system
    • EPSS Score: %0.06
    • Published: Dec. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-52103

    Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.20
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3730

    A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely... Read more

    Affected Products : ehoney
    • EPSS Score: %0.05
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31029

    NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability m... Read more

    Affected Products : dgx_a100_firmware dgx_a100
    • EPSS Score: %0.19
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results