Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2024-30512

    Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.20.... Read more

    Affected Products : weforms
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-37642

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck.... Read more

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025
  • 9.1

    CRITICAL
    CVE-2024-34451

    Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that a... Read more

    Affected Products : ghost
    • Published: Jun. 16, 2024
    • Modified: Jun. 20, 2025
  • 9.1

    CRITICAL
    CVE-2024-5805

    Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.... Read more

    Affected Products : moveit_gateway
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-6425

    Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RAN... Read more

    Affected Products : mesbook
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2024-6037

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource e... Read more

    Affected Products : chuanhuchatgpt
    • Published: Jul. 10, 2024
    • Modified: Jul. 15, 2025
  • 9.1

    CRITICAL
    CVE-2024-28805

    An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.... Read more

    Affected Products :
    • Published: Jul. 29, 2024
    • Modified: Mar. 14, 2025
  • 9.1

    CRITICAL
    CVE-2024-5975

    The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : cz_loan_management
    • Published: Jul. 30, 2024
    • Modified: May. 28, 2025
  • 9.1

    CRITICAL
    CVE-2024-38109

    An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.... Read more

    Affected Products : azure_health_bot
    • Published: Aug. 13, 2024
    • Modified: Aug. 16, 2024
  • 9.1

    CRITICAL
    CVE-2024-42773

    An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.... Read more

    Affected Products : hotel_management_system
    • Published: Aug. 22, 2024
    • Modified: Apr. 30, 2025
  • 9.1

    CRITICAL
    CVE-2024-33853

    A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.... Read more

    Affected Products : centreon_web
    • Published: Aug. 23, 2024
    • Modified: May. 09, 2025
  • 9.1

    CRITICAL
    CVE-2024-42914

    A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicke... Read more

    Affected Products : arrowcms
    • Published: Aug. 23, 2024
    • Modified: Apr. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-45436

    extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.... Read more

    Affected Products : ollama
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 9.1

    CRITICAL
    CVE-2024-8016

    The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attacke... Read more

    Affected Products : events_calendar_pro
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 9.1

    CRITICAL
    CVE-2024-45587

    This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulat... Read more

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024
  • 9.1

    CRITICAL
    CVE-2024-45053

    Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Templa... Read more

    Affected Products : fides
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024
  • 9.1

    CRITICAL
    CVE-2024-42024

    A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.... Read more

    Affected Products : one
    • Published: Sep. 07, 2024
    • Modified: Apr. 28, 2025
  • 9.1

    CRITICAL
    CVE-2024-40457

    No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.... Read more

    Affected Products :
    • Published: Sep. 12, 2024
    • Modified: Oct. 31, 2024
  • 9.1

    CRITICAL
    CVE-2024-8669

    The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on th... Read more

    Affected Products : backuply
    • Published: Sep. 14, 2024
    • Modified: Sep. 27, 2024
  • 9.1

    CRITICAL
    CVE-2022-24387

    With administrator or admin privileges the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010... Read more

    Affected Products : smartertrack
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results