Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-51828

    A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function.... Read more

    Affected Products : pmb pmb
    • Published: Feb. 21, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-1702

    A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. T... Read more

    • Published: Feb. 21, 2024
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-1831

    A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Affected is an unknown function of the file users/index.php of the component Login Form. The manipulation of the argument username with the... Read more

    Affected Products : complete_file_management_system
    • Published: Feb. 23, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2023-51518

    Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in pri... Read more

    Affected Products : james
    • Published: Feb. 27, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-1926

    A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument cus... Read more

    • Published: Feb. 27, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-25169

    An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.... Read more

    Affected Products : mezzanine
    • Published: Feb. 28, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-48245

    The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.... Read more

    • EPSS Score: %0.40
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1927

    A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql i... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-25180

    An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after in... Read more

    Affected Products : pdfmake
    • Published: Feb. 29, 2024
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-2147

    A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql inject... Read more

    • Published: Mar. 03, 2024
    • Modified: Jan. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-2154

    A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The attack ca... Read more

    • Published: Mar. 04, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-43552

    Memory corruption while processing MBSSID beacon containing several subelement IE.... Read more

    • Published: Mar. 04, 2024
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-43553

    Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.... Read more

    • Published: Mar. 04, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-2077

    A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to sql injection. It is possible to initiate t... Read more

    Affected Products : simple_online_bidding_system
    • Published: Mar. 01, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-45592

    A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the ... Read more

    Affected Products : imx6
    • Published: Mar. 05, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-24098

    Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.... Read more

    • Published: Mar. 05, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-27764

    An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.... Read more

    Affected Products : jeewms
    • Published: Mar. 05, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-28213

    nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-0917

    remote code execution in paddlepaddle/paddle 2.6.0... Read more

    Affected Products : paddlepaddle paddle
    • Published: Mar. 07, 2024
    • Modified: Jan. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-2268

    A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /product_update.php?update=1. The manipulation of the argument update_image leads to unrestricted upload... Read more

    Affected Products : online_bookstore_website
    • Published: Mar. 07, 2024
    • Modified: Mar. 12, 2025
Showing 20 of 292761 Results