Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-30584

    Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 28, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-45806

    Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.... Read more

    • Published: Dec. 13, 2024
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2015-2001

    The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.... Read more

    Affected Products : metaio_sdk
    • EPSS Score: %1.15
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-37277

    Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4.... Read more

    Affected Products : paid_memberships_pro
    • Published: Nov. 01, 2024
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-4267

    A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' ... Read more

    • Published: May. 22, 2024
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30193

    CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.... Read more

    • EPSS Score: %0.53
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30190

    CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.... Read more

    • EPSS Score: %0.43
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30189

    CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.... Read more

    • EPSS Score: %0.57
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30188

    CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.... Read more

    • EPSS Score: %0.57
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-53633

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does no... Read more

    Affected Products : chall-manager
    • Published: Jul. 10, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-8926

    A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be laun... Read more

    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-55161

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and... Read more

    Affected Products : stirling_pdf
    • Published: Aug. 11, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-55150

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and include... Read more

    Affected Products : stirling_pdf
    • Published: Aug. 11, 2025
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-8932

    A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated re... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-51390

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Aug. 04, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9022

    A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attack may be initiat... Read more

    Affected Products : online_bank_management_system
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7778

    The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unau... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-50518

    A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possi... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6679

    The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affec... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2017-3907

    Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified ... Read more

    • EPSS Score: %0.49
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results