Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-3423

    A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack ... Read more

    Affected Products : online_courseware
    • Published: Apr. 07, 2024
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-23679

    Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. ... Read more

    Affected Products : xp
    • EPSS Score: %0.90
    • Published: Jan. 19, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-4671

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.This issue affects ECOP: before 32255.... Read more

    Affected Products : ecop
    • EPSS Score: %0.09
    • Published: Dec. 28, 2023
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2023-4673

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.This issue affects Turasistan: before 20230911 . ... Read more

    Affected Products : turasistan
    • EPSS Score: %0.14
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41555

    Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.... Read more

    Affected Products : ac7_firmware ac7
    • EPSS Score: %0.12
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32744

    Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful... Read more

    Affected Products : online richdocumentscode
    • EPSS Score: %0.75
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46817

    An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attacke... Read more

    Affected Products : phpfox
    • EPSS Score: %0.77
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25729

    Memory corruption in modem due to improper length check while copying into memory... Read more

    • EPSS Score: %0.14
    • Published: Feb. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23636

    SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protect... Read more

    Affected Products : sofarpc
    • EPSS Score: %0.55
    • Published: Jan. 23, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25767

    All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.... Read more

    Affected Products : ureport2
    • EPSS Score: %3.10
    • Published: May. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32824

    Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet... Read more

    Affected Products : dubbo
    • EPSS Score: %13.06
    • Published: Jan. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6299

    Authentication bypass in Hanwha Techwin Smartcams... Read more

    • EPSS Score: %0.53
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3254

    The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, lea... Read more

    • EPSS Score: %18.49
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-54363

    Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-25531

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-33211

    memory corruption in modem due to improper check while calculating size of serialized CoAP message... Read more

    • EPSS Score: %0.12
    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10574

    site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.92
    • Published: Apr. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29401

    xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.... Read more

    Affected Products :
    • Published: Mar. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10578

    An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass... Read more

    • EPSS Score: %0.43
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-30470

    In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.... Read more

    Affected Products : filerun
    • EPSS Score: %8.29
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291265 Results