Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-8341

    A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The atta... Read more

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-40482

    An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : live_membership_system
    • Published: Aug. 12, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-34991

    A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthoriz... Read more

    Affected Products : fortiwlm
    • EPSS Score: %8.02
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42237

    A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.... Read more

    Affected Products : merchandise_online_store
    • EPSS Score: %0.08
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-8607

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0.... Read more

    Affected Products : valeapp
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2021-27804

    JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.... Read more

    Affected Products : libjxl jpeg_xl
    • EPSS Score: %0.82
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-5618

    A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be in... Read more

    Affected Products : online_fire_reporting_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-7100

    A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate/tdate leads to sql inject... Read more

    Affected Products : restaurant_table_booking_system
    • EPSS Score: %0.10
    • Published: Dec. 25, 2023
    • Modified: Mar. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-7134

    A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated r... Read more

    Affected Products : medicine_tracker_system
    • EPSS Score: %0.11
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29646

    Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.... Read more

    Affected Products : radare2
    • Published: Dec. 17, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-42302

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.... Read more

    Affected Products : netbackup
    • EPSS Score: %0.34
    • Published: Oct. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34833

    Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation o... Read more

    • Published: Jun. 17, 2024
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-35088

    Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.  In the toAuditCkSql method, the groupId, streamId, ... Read more

    Affected Products : inlong
    • EPSS Score: %0.51
    • Published: Jul. 25, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-8485

    The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines w... Read more

    Affected Products : rest_api_to_miniprogram
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-9079

    A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initi... Read more

    Affected Products : student_record_system
    • Published: Sep. 22, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-9086

    A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch th... Read more

    Affected Products : restaurant_reservation_system
    • Published: Sep. 22, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-9106

    The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenti... Read more

    Affected Products :
    • Published: Oct. 01, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-9201

    The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.... Read more

    Affected Products : seur
    • Published: Oct. 10, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2025-48744

    In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.... Read more

    Affected Products : pmb
    • Published: May. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-9296

    A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipulation of the argument username leads to sql injection. ... Read more

    Affected Products : advocate_office_management_system
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
Showing 20 of 291513 Results