Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-7107

    A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact...

    Affected Products : e-commerce_website
    • Published: Feb. 29, 2024
    • Modified: Dec. 06, 2024
  • 9.8

    CRITICAL
    CVE-2020-27539

    Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only fr...

    Affected Products : cs-c2shw_firmware cs-c2shw
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25833

    F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in the database.

    Affected Products : datacube3_firmware datacube3 datacube3
    • Published: Feb. 29, 2024
    • Modified: Jan. 16, 2025
  • 9.8

    CRITICAL
    CVE-2024-27516

    Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.

    Affected Products : live_helper_chat livehelperchat
    • Published: Feb. 29, 2024
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2023-49543

    Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.

    Affected Products : book_store_management_system
    • Published: Mar. 01, 2024
    • Modified: Apr. 18, 2025
  • 9.8

    CRITICAL
    CVE-2024-24302

    An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method...

    Affected Products : product_designer
    • Published: Mar. 03, 2024
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2024-2152

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the argument id...

    • Published: Mar. 04, 2024
    • Modified: Dec. 20, 2024
  • 9.8

    CRITICAL
    CVE-2024-2153

    A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to SQL injection. It is pos...

    • Published: Mar. 04, 2024
    • Modified: Dec. 20, 2024
  • 9.8

    CRITICAL
    CVE-2021-3304

    Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.

    Affected Products : f\@st_3686_firmware f\@st_3686
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-21278

    RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target s...

    Affected Products : rsshub
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-49547

    Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.

    Affected Products : customer_support_system
    • Published: Mar. 05, 2024
    • Modified: Mar. 28, 2025
  • 9.8

    CRITICAL
    CVE-2020-25785

    An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure.

    Affected Products : 720p_firmware 720p
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-26305

    An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.

    Affected Products : cdr
    • Published: Jan. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24765

    CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor t...

    Affected Products : casaos casaos-userservice
    • Published: Mar. 06, 2024
    • Modified: Feb. 26, 2025
  • 9.8

    CRITICAL
    CVE-2024-24767

    CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application...

    Affected Products : casaos casaos-userservice
    • Published: Mar. 06, 2024
    • Modified: Apr. 10, 2025
  • 9.8

    CRITICAL
    CVE-2023-41014

    code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer."

    Affected Products : online_job_portal
    • Published: Mar. 07, 2024
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2023-46172

    IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow a remote attacker to bypass authentication restrictions for authorized user. IBM X-Force ID: 269409.

    Affected Products : ds8900f_firmware ds8900f
    • Published: Mar. 07, 2024
    • Modified: Mar. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-2269

    A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument search leads to SQL injection. Th...

    • Published: Mar. 07, 2024
    • Modified: Mar. 12, 2025
  • 9.8

    CRITICAL
    CVE-2020-20296

    An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.

    Affected Products : cmswing
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-21176

    SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.

    Affected Products : thinkjs
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293425 Results