Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-0848

    A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_cr... Read more

    Affected Products : a18_firmware
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-12822

    The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. Thi... Read more

    Affected Products : media_manager
    • Published: Jan. 30, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0680

    Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0880

    A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The attack ... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0881

    A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possibl... Read more

    • Published: Jan. 30, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-1736

    Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.... Read more

    Affected Products : ubuntu_linux gnome-remote-desktop
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-0929

    SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-53320

    Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0943

    A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file deldoc.php. The manipulation of the argument id leads to sql injection. The attack can be init... Read more

    Affected Products : tailoring_management_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0944

    A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to sql injection. The attack may b... Read more

    Affected Products : tailoring_management_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0945

    A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible to launch the att... Read more

    Affected Products : tailoring_management_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0946

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file templatedelete.php. The manipulation of the argument id leads to sql injection. The at... Read more

    Affected Products : tailoring_management_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0950

    A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be ... Read more

    Affected Products : tailoring_management_system
    • Published: Feb. 01, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55529

    Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.... Read more

    Affected Products : z-blogphp
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-12402

    The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's ... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-12252

    The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite th... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-12264

    The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-8855

    The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks... Read more

    Affected Products : wordpress_auction
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55556

    A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted ses... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-55414

    A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution u... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 08, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293335 Results