Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4913

    A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. ... Read more

    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-39018

    FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties bec... Read more

    Affected Products : ffmpeg-cli-wrapper
    • EPSS Score: %0.10
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39001

    A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.... Read more

    Affected Products : opnsense
    • EPSS Score: %4.89
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-5004

    A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The att... Read more

    Affected Products : online_time_table_generator
    • Published: May. 20, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-42634

    A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Aug. 16, 2024
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-1971

    A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argu... Read more

    Affected Products : online_shopping_system
    • Published: Feb. 29, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2025-5218

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. ... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5502

    A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-38927

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl ... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2025-5855

    A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-43091

    In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 13, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2022-44751

    HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is di... Read more

    Affected Products : notes
    • EPSS Score: %2.38
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-11967

    A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possib... Read more

    Affected Products : complaint_management_system
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 9.8

    CRITICAL
    CVE-2023-34399

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-45712

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function.... Read more

    Affected Products : m50_firmware m50
    • EPSS Score: %0.12
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2019-18572

    The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication.... Read more

    • EPSS Score: %1.31
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27063

    Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted ... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.50
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-45010

    Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.... Read more

    • EPSS Score: %0.07
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-39736

    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, includin... Read more

    Affected Products : datacap datacap_navigator
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45717

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request.... Read more

    Affected Products : m50_firmware m50
    • EPSS Score: %0.66
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025
Showing 20 of 291205 Results