Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-0200

    An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would... Read more

    Affected Products : enterprise_server
    • EPSS Score: %74.20
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9984

    Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2025-1771

    The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute... Read more

    Affected Products : traveler
    • Published: Mar. 15, 2025
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-1814

    A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer o... Read more

    Affected Products : ac6_firmware
    • Published: Mar. 02, 2025
    • Modified: Mar. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-31993

    Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service.... Read more

    • EPSS Score: %0.25
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3704

    SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.... Read more

    Affected Products :
    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-0298

    A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be in... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2021-28027

    An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.... Read more

    Affected Products : bam
    • EPSS Score: %0.42
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-7750

    A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It... Read more

    Affected Products : online_appointment_booking_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-0287

    A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack... Read more

    Affected Products : food_management_system
    • EPSS Score: %0.05
    • Published: Jan. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-33805

    A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.... Read more

    • Published: May. 28, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-24629

    An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php fil... Read more

    Affected Products : device_manager_express
    • EPSS Score: %48.67
    • Published: May. 29, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-4247

    A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit... Read more

    Affected Products : movie_ticket_booking_system
    • EPSS Score: %0.04
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28152

    Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.... Read more

    Affected Products : h8922_firmware h8922
    • EPSS Score: %37.47
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20386

    Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328... Read more

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-20389

    Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004... Read more

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2017-9855

    An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any suc... Read more

    • EPSS Score: %0.44
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-11150

    The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauth... Read more

    Affected Products : user_extra_fields
    • Published: Nov. 13, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2025-1876

    A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based ... Read more

    Affected Products : dap-1562_firmware dap-1562
    • Published: Mar. 03, 2025
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-20473

    In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Prod... Read more

    Affected Products : android
    • EPSS Score: %59.73
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 291573 Results