Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-55081

    An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-12728

    A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).... Read more

    Affected Products : firewall firewall_firmware
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11970

    A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Affected is an unknown function of the file /tour(cor).php. The manipulation of the argument mai leads to sql injection. It is possible to launch th... Read more

    Affected Products : concert_ticket_ordering_system
    • Published: Nov. 28, 2024
    • Modified: Dec. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-12794

    A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to ... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-12946

    A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name ... Read more

    • Published: Dec. 26, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-12963

    A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function add_xp of the file /_parse/_all_edits.php. The manipulation of the argument job_company leads to sql injection. The attack ma... Read more

    Affected Products : job_recruitment job_recruitment
    • Published: Dec. 26, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-12965

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /update_ex_detail.php. The manipulation of the argument q leads to sql injection. The att... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-12967

    A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to sql injection. It is possible to laun... Read more

    Affected Products : job_recruitment job_recruitment
    • Published: Dec. 26, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-13001

    A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack rem... Read more

    Affected Products : small_crm
    • Published: Dec. 29, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-13002

    A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /order_process.php. The manipulation of the argument fnm leads to sql inje... Read more

    Affected Products : bookstore_management_system
    • Published: Dec. 29, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-13007

    A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible to launch the att... Read more

    Affected Products : event_management_system
    • Published: Dec. 29, 2024
    • Modified: Feb. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-47926

    Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Read more

    Affected Products : tcexam
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-56043

    Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.... Read more

    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-13085

    A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. Th... Read more

    Affected Products : land_record_system
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-47183

    Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1.... Read more

    Affected Products : givewp
    • Published: Jan. 02, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-55078

    An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products :
    • Published: Jan. 03, 2025
    • Modified: Jan. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-0203

    A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injectio... Read more

    Affected Products : student_management_system
    • Published: Jan. 04, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0210

    A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username lea... Read more

    Affected Products : school_faculty_scheduling_system
    • Published: Jan. 04, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-56273

    Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106.... Read more

    Affected Products : migration\,_backup\,_staging
    • Published: Jan. 07, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0296

    A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initiate the a... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
Showing 20 of 293308 Results