Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2022-31580

    The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : caretakerr-api
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-39395

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-48122

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows SQL Injection. This issue affects Spreadsheet Price Changer... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40657

    A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34022

    A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in ... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2022-33219

    Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.... Read more

    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2016-15044

    A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially cr... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2023-1244

    Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.... Read more

    Affected Products : answer
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2013-10042

    A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in mem... Read more

    Affected Products : freeftpd
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2013-10047

    An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacke... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2012-10036

    Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files ... Read more

    Affected Products : projectpier
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2012-10046

    The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2022-33231

    Memory corruption due to double free in core while initializing the encryption key.... Read more

    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-56290

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection.This issue affects Multiple Shipping And Billing Address For ... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2022-31502

    The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : wormnest
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31506

    The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : opendiamond
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31509

    The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-43650

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects  firmware versions before 24120701. Likelihood: Moderate – The <... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-24612

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-24667

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edi... Read more

    Affected Products : small_package_quotes
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Injection
Showing 20 of 292851 Results