Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-24024

    An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File downloa...

    Affected Products: novel-plus
    • EPSS Score: 0.10%
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24025

    An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download....

    Affected Products: novel-plus
    • EPSS Score: 0.10%
    • Published: Feb. 08, 2024
    • Modified: Jun. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-24026

    An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download....

    Affected Products: novel-plus
    • EPSS Score: 0.10%
    • Published: Feb. 08, 2024
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-22836

    An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server....

    Affected Products: akaunting
    • EPSS Score: 32.66%
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-24495

    SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request....

    Affected Products: daily_habit_tracker
    • EPSS Score: 0.49%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-24393

    File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request....

    Affected Products: pichome
    • EPSS Score: 3.06%
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-25314

    Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2....

    Affected Products: hotel_management_system
    • EPSS Score: 0.18%
    • Published: Feb. 09, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-25718

    In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry....

    Affected Products: samly
    • EPSS Score: 0.11%
    • Published: Feb. 11, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-23512

    Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. ...

    Affected Products: wowstore
    • EPSS Score: 0.30%
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-23763

    SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter....

    Affected Products: gambio
    • EPSS Score: 0.07%
    • Published: Feb. 12, 2024
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-23816

    A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8...

    Affected Products: location_intelligence
    • EPSS Score: 0.99%
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25214

    An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html....

    Affected Products: employee_management_system
    • EPSS Score: 0.05%
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25215

    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php....

    Affected Products: employee_management_system
    • EPSS Score: 0.11%
    • Published: Feb. 14, 2024
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-25216

    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php....

    Affected Products: employee_management_system
    • EPSS Score: 0.15%
    • Published: Feb. 14, 2024
    • Modified: Mar. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-24300

    4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged....

    Affected Products: eap-767_firmware, eap-767
    • EPSS Score: 0.16%
    • Published: Feb. 14, 2024
    • Modified: Mar. 25, 2025
  • 9.8

    CRITICAL
    CVE-2024-26260

    The functionality for synchronization in HGiga OAKlouds' certain modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on th...

    • EPSS Score: 2.75%
    • Published: Feb. 15, 2024
    • Modified: Jan. 23, 2025
  • 9.8

    CRITICAL
    CVE-2024-22426

    Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get e...

    Affected Products: recoverpoint_for_virtual_machines
    • Published: Feb. 16, 2024
    • Modified: Jan. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-42443

    An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535....

    • Published: Feb. 17, 2024
    • Modified: Jan. 22, 2025
  • 9.8

    CRITICAL
    CVE-2023-6749

    Unchecked length coming from user input in settings shell...

    Affected Products: zephyr
    • Published: Feb. 18, 2024
    • Modified: Jan. 22, 2025
  • 9.8

    CRITICAL
    CVE-2024-24793

    A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker w...

    Affected Products: libdicom
    • Published: Feb. 20, 2024
    • Modified: Feb. 12, 2025
Showing 20 of 292750 Results