Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-40357

    A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection ... Read more

    Affected Products : z-blogphp
    • EPSS Score: %2.66
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-29876

    SQL injection vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all... Read more

    Affected Products : sentrifugo sentrifugo
    • Published: Mar. 21, 2024
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-29937

    NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.... Read more

    Affected Products : freebsd openbsd openbsd
    • Published: Apr. 11, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-2850

    A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overf... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25302

    Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.... Read more

    Affected Products : event_student_attendance_system
    • EPSS Score: %0.18
    • Published: Feb. 09, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-2556

    A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possi... Read more

    • Published: Mar. 17, 2024
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-40434

    Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.... Read more

    Affected Products : softr
    • EPSS Score: %0.12
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-25350

    SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.... Read more

    Affected Products : zoo_management_system
    • Published: Feb. 28, 2024
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2020-19692

    Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.... Read more

    Affected Products : njs njs
    • EPSS Score: %0.87
    • Published: Apr. 04, 2023
    • Modified: Aug. 12, 2025

  • 9.8

    CRITICAL
    CVE-2021-41643

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.... Read more

    Affected Products : church_management_system
    • EPSS Score: %10.73
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25722

    qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.... Read more

    Affected Products : qanything
    • EPSS Score: %0.06
    • Published: Feb. 11, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-25935

    Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. ... Read more

    Affected Products : registrationmagic
    • Published: Apr. 11, 2024
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2020-19853

    BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.... Read more

    Affected Products : bluecms bluecms
    • EPSS Score: %0.26
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-31094

    Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. ... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2799

    A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded pas... Read more

    Affected Products : cnoa_oa
    • EPSS Score: %0.06
    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-31866

    Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before ... Read more

    Affected Products : zeppelin
    • Published: Apr. 09, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-25826

    Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix th... Read more

    Affected Products : opentsdb
    • EPSS Score: %84.36
    • Published: May. 03, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-28094

    Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.... Read more

    Affected Products : pega_platform platform
    • EPSS Score: %0.22
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26623

    A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.... Read more

    Affected Products : windows bandizip
    • EPSS Score: %0.69
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6840

    A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which cou... Read more

    • EPSS Score: %0.50
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291209 Results