Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-35782

    The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.... Read more

    Affected Products : ipandlanguageredirect
    • EPSS Score: %0.29
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2707

    A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/faculty_sched.php. The manipulation of the argument faculty with ... Read more

    • EPSS Score: %0.23
    • Published: Aug. 08, 2022
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2021-30179

    Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the ... Read more

    Affected Products : dubbo
    • EPSS Score: %3.58
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27140

    An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misu... Read more

    Affected Products : express-fileupload
    • EPSS Score: %0.46
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-25513

    Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.... Read more

    Affected Products : seacms
    • Published: Feb. 24, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-44410

    D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.... Read more

    Affected Products : di-8300_firmware di-8300
    • Published: Sep. 09, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-44466

    COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.... Read more

    Affected Products : cf-xr11_firmware cf-xr11
    • Published: Sep. 11, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2022-27177

    A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2... Read more

    Affected Products : consoleme
    • EPSS Score: %2.14
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10614

    Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivi... Read more

    • EPSS Score: %0.29
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12940

    A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. The manipulation of the argument student_id leads to sql i... Read more

    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-12981

    A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to s... Read more

    Affected Products : car_rental_system
    • Published: Dec. 27, 2024
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-48654

    One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset function... Read more

    Affected Products : password_manager
    • EPSS Score: %0.16
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13003

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to sql injection. T... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 29, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-2723

    A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possi... Read more

    • EPSS Score: %0.31
    • Published: Aug. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13035

    A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated... Read more

    Affected Products : chat_system chat_system chat_system
    • Published: Dec. 30, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-0645

    MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors.... Read more

    Affected Products : mtappjquery
    • EPSS Score: %1.27
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23624

    A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. ... Read more

    Affected Products : dap-1650_firmware dap-1650
    • EPSS Score: %10.01
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-26339

    A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multip... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2020-27678

    An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.... Read more

    Affected Products : smartos omnios illumos
    • EPSS Score: %0.46
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27263

    An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.... Read more

    Affected Products : strapi
    • EPSS Score: %2.18
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291608 Results