Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-50942

    qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-46054

    OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.... Read more

    Affected Products : openvidreview
    • Published: Nov. 27, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-11482

    A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.... Read more

    Affected Products : enterprise_security_manager
    • Published: Nov. 29, 2024
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-52778

    DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php.... Read more

    Affected Products : dcme-520_firmware
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-52780

    DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php.... Read more

    Affected Products : dcme-520_firmware
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-52782

    DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php.... Read more

    Affected Products : dcme-520_firmware
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-49805

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of intern... Read more

    Affected Products : security_verify_access
    • Published: Nov. 29, 2024
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-53506

    A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.... Read more

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-53739

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elemen... Read more

    • Published: Nov. 30, 2024
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-54750

    Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-52324

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-38923

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl o... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-12209

    The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: Dec. 08, 2024
    • Modified: Dec. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-55560

    MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.... Read more

    Affected Products : mailcleaner
    • Published: Dec. 08, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-23834

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.... Read more

    Affected Products : spectra
    • Published: Dec. 09, 2024
    • Modified: Mar. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-47826

    Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.... Read more

    • Published: Dec. 09, 2024
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-52480

    Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.... Read more

    Affected Products : jobify
    • Published: Dec. 09, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-38946

    Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.... Read more

    Affected Products : doctor-appointment
    • Published: Dec. 09, 2024
    • Modified: May. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-54926

    A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-54924

    A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025
Showing 20 of 292763 Results