Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-34935

    A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.... Read more

    • Published: May. 23, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-9707

    The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it poss... Read more

    Affected Products : hunk_companion
    • Published: Oct. 11, 2024
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-7748

    A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. This issue affects some unknown processing of the file /endpoint/delete-account.php. The manipulation of the argument account leads to sql inject... Read more

    • Published: Aug. 13, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2023-34566

    Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Jun. 08, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-6979

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authe... Read more

    Affected Products : customer_reviews_for_woocommerce
    • EPSS Score: %3.74
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9822

    The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to l... Read more

    Affected Products : pedalo_connector
    • Published: Oct. 11, 2024
    • Modified: Nov. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-7911

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file... Read more

    Affected Products : simple_online_bidding_system
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7071

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection.This issue affects Brain Low-Code: before 2... Read more

    Affected Products : brain_low-code
    • Published: Aug. 27, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-8086

    A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument user_email lea... Read more

    Affected Products : e-commerce_system e-commerce_system
    • Published: Aug. 22, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2022-2166

    Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.... Read more

    Affected Products : mastodon
    • EPSS Score: %0.85
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9931

    The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unau... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 9.8

    CRITICAL
    CVE-2022-42166

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-36535

    Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products :
    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24331

    In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.... Read more

    Affected Products : teamcity
    • EPSS Score: %0.01
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8210

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. ... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8221

    A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql inj... Read more

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-8255

    Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.... Read more

    Affected Products : dtn_soft
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8073

    Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.... Read more

    Affected Products : web_application_firewall
    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-8341

    A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The atta... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-40482

    An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : live_membership_system
    • Published: Aug. 12, 2024
    • Modified: Apr. 28, 2025
Showing 20 of 291541 Results