Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-27786

    Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and s...

    Affected Products : onetest_server
    • EPSS Score: 0.19%
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-11965

    A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attac...

    Affected Products : complaint_management_system
    • Published: Nov. 28, 2024
    • Modified: Dec. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-12231

    A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the atta...

    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 9.8

    CRITICAL
    CVE-2024-53442

    whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component....

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 11, 2024
  • 9.8

    CRITICAL
    CVE-2024-52335

    A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use t...

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 9.8

    CRITICAL
    CVE-2024-47537

    GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that s...

    Affected Products : gstreamer
    • Published: Dec. 12, 2024
    • Modified: Dec. 19, 2024
  • 9.8

    CRITICAL
    CVE-2025-4121

    A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely....

    Affected Products : jwnr2000v2_firmware jwnr2000v2
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
  • 9.8

    CRITICAL
    CVE-2025-4288

    A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RNFR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has...

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 05, 2025
    • Modified: May. 16, 2025
  • 9.8

    CRITICAL
    CVE-2021-22648

    Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file....

    • EPSS Score: 0.23%
    • Published: Jul. 28, 2022
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2020-21642

    Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code....

    Affected Products : manageengine_analytics_plus
    • EPSS Score: 7.11%
    • Published: Aug. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-37158

    RuoYi v3.8.3 has a Weak password vulnerability in the management system....

    Affected Products : ruoyi-vue-pro
    • EPSS Score: 0.11%
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-33941

    PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed thro...

    Affected Products : powercms
    • EPSS Score: 3.25%
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-5032

    A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch...

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-5365

    A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. It is...

    Affected Products : online_hospital_management_system
    • Published: May. 31, 2025
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-5562

    A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category-detail.php. The manipulation of the argument editid leads to ...

    Affected Products : curfew_e-pass_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
  • 9.8

    CRITICAL
    CVE-2025-5869

    A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption....

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
  • 9.8

    CRITICAL
    CVE-2025-30515

    CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system....

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
  • 9.8

    CRITICAL
    CVE-2025-41663

    For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would n...

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jul. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-43107

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function....

    Affected Products : ac23_firmware ac23
    • EPSS Score: 0.09%
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2022-42984

    WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients....

    Affected Products : wowonder
    • EPSS Score: 0.34%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291162 Results