Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-27836

    TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.... Read more

    Affected Products : tl-wpa8630p_firmware tl-wpa8630p
    • EPSS Score: %1.06
    • Published: Jun. 13, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-27710

    An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.... Read more

    Affected Products : eskooly
    • Published: Jul. 05, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-22902

    Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.... Read more

    Affected Products : vinchin_backup_and_recovery
    • EPSS Score: %0.11
    • Published: Feb. 02, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-22922

    An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php... Read more

    Affected Products : visitor_management_system_in_php
    • EPSS Score: %0.69
    • Published: Jan. 25, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-22923

    SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products : adv_radius
    • EPSS Score: %0.14
    • Published: Feb. 13, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-22942

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %3.13
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2019-7271

    Nortek Linear eMerge 50P/5000P devices have Default Credentials.... Read more

    • EPSS Score: %0.42
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22338

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end d... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.08
    • Published: Jan. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28123

    Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the d... Read more

    Affected Products : wasmi
    • Published: Mar. 21, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-40122

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php.... Read more

    Affected Products : online_banking_system
    • EPSS Score: %0.08
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-0739

    The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), ... Read more

    Affected Products : bookingpress
    • EPSS Score: %73.20
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4972

    A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the atta... Read more

    Affected Products : simple_chat_system
    • Published: May. 16, 2024
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-40115

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.... Read more

    Affected Products : online_banking_system
    • EPSS Score: %0.10
    • Published: Sep. 23, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-0786

    The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users... Read more

    Affected Products : kivicare
    • EPSS Score: %74.68
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2863

    This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.... Read more

    Affected Products : lg_led_assistant
    • Published: Mar. 25, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-24003

    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can con... Read more

    Affected Products : jsherp
    • EPSS Score: %0.10
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-24186

    Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.... Read more

    Affected Products : jsish
    • EPSS Score: %1.08
    • Published: Feb. 07, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-24308

    SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirma... Read more

    Affected Products : boostmyshop
    • EPSS Score: %0.29
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24327

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %1.45
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-50486

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5.... Read more

    Affected Products : flutter_api
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 291562 Results