Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-24578

    RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the J... Read more

    Affected Products : raspberrymatic
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-53822

    Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.... Read more

    Affected Products : pie_register
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 10.0

    CRITICAL
    CVE-2024-30510

    Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5. ... Read more

    Affected Products : salon_booking_system
    • Published: Mar. 29, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-50387

    A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-28185

    Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. Whe... Read more

    Affected Products :
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-0916

    Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. ... Read more

    Affected Products :
    • Published: Apr. 25, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2024-3191

    A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remot... Read more

    Affected Products : mailcleaner
    • Published: Apr. 29, 2024
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2025-34067

    An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT dese... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 07, 2025

  • 10.0

    CRITICAL
    CVE-2024-30207

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1... Read more

    Affected Products : simatic_rtls_locating_manager
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-3941

    Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possib... Read more

    Affected Products :
    • Published: May. 21, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-3943

    Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under r... Read more

    Affected Products :
    • Published: May. 21, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-0851

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27.... Read more

    Affected Products : smartpower
    • Published: May. 27, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-36388

    MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function... Read more

    Affected Products : devicehub
    • Published: Jun. 02, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-25600

    Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-2013

    An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.... Read more

    Affected Products : foxman-un unem
    • Published: Jun. 11, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-3922

    The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer... Read more

    Affected Products : dokan_pro_plugin
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2024-24621

    Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.... Read more

    Affected Products : webuzo
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-43160

    Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 10.0

    CRITICAL
    CVE-2024-37099

    Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1.... Read more

    Affected Products : givewp
    • Published: Aug. 19, 2024
    • Modified: Feb. 28, 2025

  • 10.0

    CRITICAL
    CVE-2024-7854

    The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it po... Read more

    Affected Products : woo_inquiry
    • Published: Aug. 21, 2024
    • Modified: Sep. 27, 2024
Showing 20 of 290955 Results