Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-13234

    The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation... Read more

    Affected Products : product_table
    • Published: Jan. 23, 2025
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-22988

    ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp.... Read more

    Affected Products : zkbio_wdms
    • Published: Feb. 23, 2024
    • Modified: Jun. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-46981

    SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.... Read more

    Affected Products : novel-plus
    • EPSS Score: %1.02
    • Published: Nov. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2693

    A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument colum... Read more

    • EPSS Score: %0.05
    • Published: May. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-44921

    SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.... Read more

    Affected Products : seacms
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2022-3393

    The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection... Read more

    Affected Products : post_to_csv
    • EPSS Score: %3.66
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-38509

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.08
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-38573

    10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function.... Read more

    Affected Products : network_inventory_explorer
    • EPSS Score: %0.19
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-2143

    The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.... Read more

    Affected Products : iview
    • EPSS Score: %58.60
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30349

    JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.... Read more

    Affected Products : jfinal_cms
    • EPSS Score: %2.78
    • Published: Apr. 27, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-45216

    Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL pa... Read more

    Affected Products : solr
    • Published: Oct. 16, 2024
    • Modified: Jul. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-45166

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Aug. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-45265

    A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.... Read more

    Affected Products : arfa-cms
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-24002

    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct ... Read more

    Affected Products : jsherp
    • EPSS Score: %0.13
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1527

    Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webs... Read more

    Affected Products : cms_made_simple
    • Published: Mar. 12, 2024
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2022-21543

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mgmt). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with networ... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %4.97
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24330

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %1.58
    • Published: Jan. 30, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-1711

    The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S... Read more

    Affected Products : create
    • Published: Mar. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45595

    D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is t... Read more

    Affected Products : d-tale
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-24525

    An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.... Read more

    Affected Products : epointwebbuilder
    • Published: Feb. 29, 2024
    • Modified: Mar. 27, 2025
Showing 20 of 291158 Results