Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-25320

    Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.... Read more

    • Published: Feb. 16, 2024
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-33403

    A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.... Read more

    • Published: May. 06, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-38909

    Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.... Read more

    Affected Products : elfinder
    • Published: Jul. 30, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-35620

    D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.... Read more

    Affected Products : dir-818l_firmware dir-818l
    • EPSS Score: %25.25
    • Published: Aug. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2094

    A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql i... Read more

    • EPSS Score: %0.05
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-30584

    Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 28, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-45806

    Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.... Read more

    • Published: Dec. 13, 2024
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2015-2001

    The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.... Read more

    Affected Products : metaio_sdk
    • EPSS Score: %1.15
    • Published: Mar. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-37277

    Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a through 3.0.4.... Read more

    Affected Products : paid_memberships_pro
    • Published: Nov. 01, 2024
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-4267

    A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' ... Read more

    • Published: May. 22, 2024
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30193

    CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.... Read more

    • EPSS Score: %0.53
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30190

    CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.... Read more

    • EPSS Score: %0.43
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30189

    CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.... Read more

    • EPSS Score: %0.57
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-30188

    CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.... Read more

    • EPSS Score: %0.57
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-53633

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does no... Read more

    Affected Products : chall-manager
    • Published: Jul. 10, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-8926

    A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be laun... Read more

    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-55161

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and... Read more

    Affected Products : stirling_pdf
    • Published: Aug. 11, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-55150

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and include... Read more

    Affected Products : stirling_pdf
    • Published: Aug. 11, 2025
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-8932

    A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated re... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-51390

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Aug. 04, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection
Showing 20 of 291788 Results