Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-9931

    The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unau...

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024
  • 9.8

    CRITICAL
    CVE-2022-42166

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan....

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-36535

    Insecure permissions in meshery v0.7.51 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token....

    Affected Products :
    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-24331

    In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible....

    Affected Products : teamcity
    • EPSS Score: %0.01
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-8210

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. ...

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024
  • 9.8

    CRITICAL
    CVE-2024-8221

    A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql inj...

    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2024
  • 9.8

    CRITICAL
    CVE-2024-8255

    Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability....

    Affected Products : dtn_soft
    • Published: Aug. 29, 2024
    • Modified: Sep. 06, 2024
  • 9.8

    CRITICAL
    CVE-2024-8073

    Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13....

    Affected Products : web_application_firewall
    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-8341

    A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/add_user.php. The manipulation of the argument avatar leads to unrestricted upload. The atta...

    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-40482

    An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file....

    Affected Products : live_membership_system
    • Published: Aug. 12, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-34991

    An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthoriz...

    Affected Products : fortiwlm
    • EPSS Score: %8.02
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-42237

    A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account....

    Affected Products : merchandise_online_store
    • EPSS Score: %0.08
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-8607

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0....

    Affected Products : valeapp
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2021-27804

    JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption....

    Affected Products : libjxl jpeg_xl
    • EPSS Score: %0.82
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-5618

    A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be in...

    Affected Products : online_fire_reporting_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-7100

    A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate/tdate leads to sql inject...

    Affected Products : restaurant_table_booking_system
    • EPSS Score: %0.10
    • Published: Dec. 25, 2023
    • Modified: Mar. 04, 2025
  • 9.8

    CRITICAL
    CVE-2023-7134

    A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to path traversal: '../filedir'. The attack may be initiated r...

    Affected Products : medicine_tracker_system
    • EPSS Score: %0.11
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-29646

    Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields....

    Affected Products : radare2
    • Published: Dec. 17, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-42302

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service....

    Affected Products : netbackup
    • EPSS Score: %0.34
    • Published: Oct. 03, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-34833

    Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation o...

    • Published: Jun. 17, 2024
    • Modified: Apr. 30, 2025
Showing 20 of 291170 Results