Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-4972

    A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the atta...

    Affected Products : simple_chat_system
    • Published: May. 16, 2024
    • Modified: Feb. 18, 2025
  • 9.8

    CRITICAL
    CVE-2022-40115

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.

    Affected Products : online_banking_system
    • EPSS Score: 0.10%
    • Published: Sep. 23, 2022
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2022-0786

    The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users...

    Affected Products : kivicare
    • EPSS Score: 74.68%
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-2863

    This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.

    Affected Products : lg_led_assistant
    • Published: Mar. 25, 2024
    • Modified: Apr. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-24003

    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can con...

    Affected Products : jsherp
    • EPSS Score: 0.10%
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-24186

    Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.

    Affected Products : jsish
    • EPSS Score: 1.08%
    • Published: Feb. 07, 2024
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-24308

    SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirma...

    Affected Products : boostmyshop
    • EPSS Score: 0.29%
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24327

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: 1.45%
    • Published: Jan. 30, 2024
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2024-50486

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass. This issue affects Acnoo Flutter API: from n/a through 1.0.5.

    Affected Products : flutter_api
    • Published: Oct. 28, 2024
    • Modified: Oct. 29, 2024
  • 9.8

    CRITICAL
    CVE-2024-50487

    Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass. This issue affects MaanStore API: from n/a through 1.0.1.

    Affected Products : maanstore_api
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2022-22522

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.

    • EPSS Score: 0.31%
    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24543

    Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.

    Affected Products : ac9_firmware ac9
    • EPSS Score: 1.11%
    • Published: Feb. 05, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-5063

    A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injectio...

    Affected Products : online_course_registration_system
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24561

    Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() functio...

    Affected Products : vyper
    • EPSS Score: 1.19%
    • Published: Feb. 01, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-5084

    The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthen...

    Affected Products : hash_form
    • Published: May. 23, 2024
    • Modified: Feb. 27, 2025
  • 9.8

    CRITICAL
    CVE-2021-41609

    SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...

    Affected Products : selectsurvey.net
    • EPSS Score: 3.37%
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-5117

    A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file portal.php. The manipulation of the argument username/password leads to sql injection. It is possible to...

    • Published: May. 20, 2024
    • Modified: Feb. 10, 2025
  • 9.8

    CRITICAL
    CVE-2019-7482

    Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

    • EPSS Score: 64.58%
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25089

    Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.

    Affected Products : binisoft_windows_firewall_control
    • EPSS Score: 5.36%
    • Published: Feb. 04, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-40357

    A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection ...

    Affected Products : z-blogphp
    • EPSS Score: 2.66%
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025