Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-10930

    The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.... Read more

    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10904

    Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : qt
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-42573

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-42575

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42570

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42567

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.... Read more

    Affected Products : school_management_system
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42506

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitati... Read more

    Affected Products : arubaos
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2021-27101

    Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.... Read more

    Affected Products : fta
    • Actively Exploited
    • Published: Feb. 16, 2021
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-42469

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existi... Read more

    Affected Products : openhab openhab_web_interface
    • Published: Aug. 12, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2017-10816

    SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to execute arbitrary SQL commands via Relay Service Server.... Read more

    Affected Products : malion
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10804

    In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database lay... Read more

    Affected Products : odoo
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10788

    The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss ... Read more

    Affected Products : dbd-mysql
    • Published: Jul. 01, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10818

    MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service.... Read more

    Affected Products : malion
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-42383

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.... Read more

    Affected Products : mongoose
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-42473

    OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a userset. Users should downgrade to v1.5.6 as soon as possi... Read more

    Affected Products : openfga
    • Published: Aug. 12, 2024
    • Modified: Oct. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-42394

    There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to ... Read more

    Affected Products : arubaos instantos
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-42357

    Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by ... Read more

    Affected Products : shopware
    • Published: Aug. 08, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-42360

    SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shel... Read more

    Affected Products : sequenceserver
    • Published: Aug. 14, 2024
    • Modified: Aug. 16, 2024

  • 9.8

    CRITICAL
    CVE-2017-10685

    In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.... Read more

    Affected Products : ncurses
    • Published: Jun. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10699

    avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.... Read more

    Affected Products : vlc_media_player
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292851 Results