Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10656

    A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. This issue affects some unknown processing of the file /pda/meeting/apply.php. The manipulation of the argument mr_id leads to sql injection. The attack may be initiate... Read more

    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2022-37815

    Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.44
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37897

    There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerab... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %1.28
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-10915

    A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the ... Read more

    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-41473

    Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac... Read more

    Affected Products : fh1201_firmware fh1201 fh1201_firmware
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11666

    Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users  su... Read more

    Affected Products : salia_plcc_firmware salia_plcc
    • Published: Nov. 24, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2020-5723

    The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.... Read more

    • EPSS Score: %50.76
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3806

    Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.... Read more

    Affected Products : zephyr
    • EPSS Score: %0.10
    • Published: Jan. 25, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-11962

    A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack ca... Read more

    • Published: Nov. 28, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-42658

    An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter... Read more

    • Published: Aug. 19, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-42967

    Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Aug. 15, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-21511

    Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.... Read more

    Affected Products : mysql2
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43144

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.... Read more

    Affected Products : cost_calculator_builder
    • Published: Aug. 29, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2022-21190

    This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d45da7fe3ad9cd880) introduced, reli... Read more

    Affected Products : convict
    • EPSS Score: %0.63
    • Published: May. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26073

    An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message ... Read more

    • EPSS Score: %0.19
    • Published: Mar. 13, 2023
    • Modified: Mar. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-38116

    Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service.... Read more

    Affected Products : salary_management_system
    • EPSS Score: %0.71
    • Published: Aug. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2264

    A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. Th... Read more

    • Published: Mar. 07, 2024
    • Modified: Mar. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-44019

    Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through 0.4.67.... Read more

    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-22988

    ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp.... Read more

    Affected Products : zkbio_wdms
    • Published: Feb. 23, 2024
    • Modified: Jun. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-46981

    SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.... Read more

    Affected Products : novel-plus
    • EPSS Score: %1.02
    • Published: Nov. 05, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results