Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-5515

    A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to sql injection. It is possible to ... Read more

    • Published: May. 30, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-39374

    TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials.... Read more

    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22442

    The vulnerability could be remotely exploited to bypass authentication.... Read more

    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42843

    Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.... Read more

    Affected Products : online_examination_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7919

    A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulati... Read more

    Affected Products : jielink\+_jsotc2016
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42559

    An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-8087

    A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popup_Item.php. The manipulation of the argument id leads to sql injection. The attack may be i... Read more

    Affected Products : e-commerce_system e-commerce_system
    • Published: Aug. 22, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-8132

    A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. ... Read more

    • Published: Aug. 24, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-8295

    A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrest... Read more

    Affected Products : feehicms
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-44401

    D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file... Read more

    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-44893

    An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request.... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-8782

    A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. ... Read more

    Affected Products : jfinalcms
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2022-24433

    The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some gi... Read more

    Affected Products : simple-git
    • EPSS Score: %1.02
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25621

    UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2... Read more

    • EPSS Score: %0.96
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21187

    The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get ar... Read more

    Affected Products : libvcs
    • EPSS Score: %1.25
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26184

    Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the applica... Read more

    Affected Products : windows poetry
    • EPSS Score: %0.57
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26260

    Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().... Read more

    Affected Products : simple-plist
    • EPSS Score: %0.27
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26273

    EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.41
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-11743

    MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect managemen... Read more

    Affected Products : connex
    • EPSS Score: %0.79
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-24788

    Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp... Read more

    Affected Products : vyper
    • EPSS Score: %0.31
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291162 Results