Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-40477

    A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.... Read more

    Affected Products : old_age_home_management_system
    • Published: Aug. 12, 2024
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-7640

    A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file delete_register.php. The manipulation of the argument case_regist... Read more

    Affected Products : advocate_office_management_system
    • Published: Aug. 12, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-7643

    A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argum... Read more

    Affected Products : leads_manager_tool
    • Published: Aug. 12, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-42545

    TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42547

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-43141

    Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2.... Read more

    Affected Products : participants_database
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-42737

    In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.... Read more

    Affected Products : x5000r_firmware x5000r
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-7743

    A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads... Read more

    Affected Products : ltcms
    • Published: Aug. 13, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-20083

    In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS0880578... Read more

    Affected Products : android mt6779 mt6785 mt8791t mt8797 mt6765 mt6768 mt8321 mt8667 mt8765 +15 more products
    • Published: Aug. 14, 2024
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-7732

    Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : dr.id_attendance_system
    • Published: Aug. 14, 2024
    • Modified: Oct. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-5914

    A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.... Read more

    Affected Products : cortex_xsoar_commonscripts
    • Published: Aug. 14, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-7830

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, ... Read more

    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-42978

    An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.... Read more

    Affected Products : fh1206_firmware fh1206
    • Published: Aug. 15, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-23168

    Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution.... Read more

    Affected Products :
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-27730

    Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-7838

    A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The... Read more

    Affected Products : online_food_ordering_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-7833

    A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiat... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-42850

    An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.... Read more

    Affected Products : silverpeas
    • Published: Aug. 16, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-7908

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer ov... Read more

    Affected Products : ex1200l_firmware ex1200l
    • Published: Aug. 18, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7920

    A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation lead... Read more

    Affected Products : jielink\+_jsotc2016
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024
Showing 20 of 292764 Results