Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-54750

    Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-52324

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-38923

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl o... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-12209

    The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: Dec. 08, 2024
    • Modified: Dec. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-55560

    MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.... Read more

    Affected Products : mailcleaner
    • Published: Dec. 08, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-23834

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.... Read more

    Affected Products : spectra
    • Published: Dec. 09, 2024
    • Modified: Mar. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-47826

    Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.... Read more

    • Published: Dec. 09, 2024
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-52480

    Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.... Read more

    Affected Products : jobify
    • Published: Dec. 09, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-38946

    Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.... Read more

    Affected Products : doctor-appointment
    • Published: Dec. 09, 2024
    • Modified: May. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-54926

    A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-54924

    A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-54932

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-55099

    A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.... Read more

    Affected Products : online_nurse_hiring_system
    • Published: Dec. 12, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-49147

    Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.... Read more

    Affected Products : update_catalog .update_catalog
    • Published: Dec. 12, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-12603

    A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Sep. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-54273

    Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection.This issue affects Mail Picker: from n/a through 1.0.14.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54295

    Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54229

    Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-56058

    Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-56145

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspeci... Read more

    Affected Products : craft_cms
    • Actively Exploited
    • Published: Dec. 18, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 293642 Results