Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-51615

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7.... Read more

    Affected Products : wordpress_auction
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-54215

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp Revy.This issue affects Revy: from n/a through 1.18.... Read more

    Affected Products : revy
    • Published: Dec. 09, 2024
    • Modified: Dec. 20, 2024

  • 9.3

    CRITICAL
    CVE-2024-55547

    SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024

  • 9.3

    CRITICAL
    CVE-2024-50339

    GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this i... Read more

    Affected Products : glpi
    • Published: Dec. 12, 2024
    • Modified: Jan. 10, 2025

  • 9.3

    CRITICAL
    CVE-2024-54361

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    CRITICAL
    CVE-2024-55972

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Carvache eTemplates allows SQL Injection.This issue affects eTemplates: from n/a through 0.2.1.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    CRITICAL
    CVE-2024-55980

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    CRITICAL
    CVE-2024-55981

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery allows SQL Injection.This issue affects Nabz Image Gallery: from n/a through v1.00.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    CRITICAL
    CVE-2024-55988

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    CRITICAL
    CVE-2024-56039

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.7.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.3

    CRITICAL
    CVE-2024-56042

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.... Read more

    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.3

    CRITICAL
    CVE-2024-56045

    Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.... Read more

    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.3

    CRITICAL
    CVE-2024-56198

    path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.3

    CRITICAL
    CVE-2025-22275

    iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote log... Read more

    Affected Products : iterm2
    • Published: Jan. 03, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2024-43652

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701 Likelihood: Moderate – The <redacted... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-43654

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects all Iocharger AC EV charger models on a firmware version before 2... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-43657

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High. However, the att... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-49655

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-23931

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-24981

    MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the ... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291638 Results