Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-44349

    A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-45402

    Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free ... Read more

    Affected Products : h2o picotls
    • Published: Oct. 11, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-46532

    SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-48033

    Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection.This issue affects Talkback: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-48251

    Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.... Read more

    Affected Products : wavelog
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-48283

    Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.... Read more

    • Published: Oct. 15, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-48779

    An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-48782

    File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.... Read more

    Affected Products :
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9634

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possib... Read more

    Affected Products : givewp
    • Published: Oct. 16, 2024
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-48180

    ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.... Read more

    Affected Products : classcms
    • Published: Oct. 16, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-49217

    Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.... Read more

    • Published: Oct. 17, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-9537

    ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made availabl... Read more

    Affected Products : sl1
    • Actively Exploited
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-10120

    A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be ... Read more

    Affected Products : radar
    • Published: Oct. 18, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-49332

    Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4.... Read more

    Affected Products : giveaway_boost
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-49368

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 ... Read more

    Affected Products : nginx_ui
    • Published: Oct. 21, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-35314

    A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sani... Read more

    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-48514

    php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-47406

    Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.... Read more

    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-37847

    An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.... Read more

    Affected Products : mango mangoapi
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10427

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the argument t1 leads to sql injection. The attack can be in... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024
Showing 20 of 292732 Results