Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-8465

    SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.... Read more

    Affected Products : job_portal
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8466

    SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.... Read more

    Affected Products : job_portal
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8468

    SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.... Read more

    Affected Products : job_portal
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8470

    SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.... Read more

    Affected Products : job_portal
    • Published: Sep. 05, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-8395

    FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication.... Read more

    Affected Products : flycass
    • Published: Sep. 05, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-8292

    The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new ... Read more

    Affected Products : wp-recall
    • Published: Sep. 06, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-7493

    The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for u... Read more

    Affected Products : wpcom_member
    • Published: Sep. 06, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-44839

    RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.... Read more

    Affected Products : rapidcms
    • Published: Sep. 06, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-8561

    A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument ... Read more

    Affected Products : php_crud
    • Published: Sep. 07, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-8568

    A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to l... Read more

    Affected Products : mini-tmall tmall_demo
    • Published: Sep. 08, 2024
    • Modified: Sep. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-6342

    **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute s... Read more

    • Published: Sep. 10, 2024
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-37227

    Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.... Read more

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-8503

    An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.... Read more

    Affected Products : vicidial
    • Published: Sep. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38132

    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.... Read more

    Affected Products : edirectory
    • Published: Sep. 12, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-6656

    Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.... Read more

    Affected Products : cockpit
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-46046

    Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.... Read more

    Affected Products : fh451_firmware fh451
    • Published: Sep. 13, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-44430

    SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface... Read more

    Affected Products : best_free_law_office_management
    • Published: Sep. 13, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-46918

    app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.... Read more

    Affected Products : misp
    • Published: Sep. 15, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-45694

    The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.... Read more

    • Published: Sep. 16, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-8868

    A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be init... Read more

    Affected Products : crud_operation_system
    • Published: Sep. 15, 2024
    • Modified: Sep. 17, 2024
Showing 20 of 292764 Results