Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-25502

    Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component....

    Affected Products : flusity
    • Published: Feb. 15, 2024
    • Modified: May. 23, 2025
  • 9.8

    CRITICAL
    CVE-2023-39245

    DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic ...

    • Published: Feb. 15, 2024
    • Modified: Jan. 23, 2025
  • 9.8

    CRITICAL
    CVE-2024-24377

    An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script....

    Affected Products : idocview
    • Published: Feb. 16, 2024
    • Modified: Jan. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-24794

    A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker w...

    Affected Products : libdicom
    • Published: Feb. 20, 2024
    • Modified: Feb. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-22824

    An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component....

    Affected Products : timo
    • Published: Feb. 20, 2024
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2024-0528

    A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to s...

    Affected Products : post-office
    • Published: Jan. 15, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25894

    ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter....

    Affected Products : churchcrm
    • Published: Feb. 21, 2024
    • Modified: Mar. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-24331

    Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter....

    • Published: Feb. 21, 2024
    • Modified: Mar. 25, 2025
  • 9.8

    CRITICAL
    CVE-2024-25897

    ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter....

    Affected Products : churchcrm
    • Published: Feb. 21, 2024
    • Modified: Mar. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-1824

    A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql i...

    • Published: Feb. 23, 2024
    • Modified: Dec. 06, 2024
  • 9.8

    CRITICAL
    CVE-2023-51392

    Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks....

    Affected Products : emberznet emberznet_sdk
    • Published: Feb. 23, 2024
    • Modified: Feb. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-1828

    A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads...

    Affected Products : library_system
    • Published: Feb. 23, 2024
    • Modified: Dec. 06, 2024
  • 9.8

    CRITICAL
    CVE-2024-1833

    A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername/txtphone leads to sql ...

    • Published: Feb. 23, 2024
    • Modified: Apr. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-25751

    A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function....

    Affected Products : ac9_firmware ac9
    • Published: Feb. 26, 2024
    • Modified: Mar. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-24095

    Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection....

    Affected Products : simple_stock_system
    • Published: Feb. 27, 2024
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2018-14563

    An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption....

    Affected Products : thulac
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-23262

    An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do....

    Affected Products : mcms
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-1514

    The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara...

    Affected Products : wp_ecommerce wp_ecommerce
    • Published: Feb. 28, 2024
    • Modified: Jan. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-25422

    SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component....

    Affected Products : semcms
    • Published: Feb. 28, 2024
    • Modified: Mar. 29, 2025
  • 9.8

    CRITICAL
    CVE-2018-5384

    Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited the user can get info from the underlying postgresql database that could lead to total compromise of t...

    Affected Products : infinity
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293510 Results