Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-7281

    A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is ... Read more

    Affected Products : lot_reservation_management_system
    • Published: Jul. 31, 2024
    • Modified: Aug. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-7441

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-b... Read more

    Affected Products : sd9364_firmware sd9364
    • Published: Aug. 03, 2024
    • Modified: Aug. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-7461

    A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument u... Read more

    Affected Products : administracao_pabx
    • Published: Aug. 05, 2024
    • Modified: Sep. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-7500

    A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upl... Read more

    Affected Products : airline_reservation_system
    • Published: Aug. 06, 2024
    • Modified: Sep. 11, 2024

  • 9.8

    CRITICAL
    CVE-2022-23366

    HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.... Read more

    Affected Products : hms
    • EPSS Score: %0.23
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28731

    AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Jooml... Read more

    Affected Products : acymailing
    • EPSS Score: %2.07
    • Published: Mar. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23399

    A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packe... Read more

    • EPSS Score: %0.44
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7742

    A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side ... Read more

    Affected Products : ltcms
    • Published: Aug. 13, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7829

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-38182

    Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.... Read more

    Affected Products : dynamics_365
    • Published: Jul. 31, 2024
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-7909

    A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to sta... Read more

    Affected Products : ex1200l_firmware ex1200l
    • Published: Aug. 18, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3306

    A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper ... Read more

    Affected Products : rg-ew1200g_firmware rg-ew1200g
    • EPSS Score: %53.70
    • Published: Jun. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23459

    Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may... Read more

    Affected Products : json\+\+
    • EPSS Score: %0.22
    • Published: Aug. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8077

    A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: Th... Read more

    Affected Products : t8_firmware t8 ac1200_t8
    • Published: Aug. 22, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2023-5846

    Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. ... Read more

    Affected Products : ts-550_evo_firmware ts-550_evo
    • EPSS Score: %0.03
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8224

    A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer ove... Read more

    Affected Products : g3_firmware g3_firmware g3 g3
    • Published: Aug. 27, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2022-41544

    GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.... Read more

    Affected Products : getsimple_cms getsimplecms
    • EPSS Score: %64.32
    • Published: Oct. 18, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2021-27145

    An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: %0.70
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27147

    An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: %0.70
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34706

    Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the the `x-jwt-token` header. An attacker can retrieve personal information from th... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results