Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-34990

    A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.... Read more

    Affected Products : fortiwlm
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2021-27228

    An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince... Read more

    Affected Products : shinobi_pro
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28429

    All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})... Read more

    Affected Products : geojson2kml
    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-32589

    A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and F... Read more

    • Published: Dec. 19, 2024
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2021-26102

    A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configur... Read more

    Affected Products : fortiwan
    • Published: Dec. 19, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-12787

    A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument... Read more

    • Published: Dec. 19, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-54983

    An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-12571

    The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitr... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-12884

    A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be laun... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 21, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-12894

    A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possib... Read more

    Affected Products : treasurehunt
    • Published: Dec. 22, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-12927

    A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argume... Read more

    • Published: Dec. 25, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-12945

    A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /account.php. The manipulation of the argument email/pass leads to sql injection. The attack can be initiat... Read more

    • Published: Dec. 26, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-26904

    LMA ISIDA Retriever 5.2 allows SQL Injection.... Read more

    Affected Products : retriever
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12956

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The manipulation of the argument ach_certy leads to unrestricte... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-12959

    A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulation of the argument q leads to sql injection. The attack ... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-12961

    A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /update_ach_details.php. The manipulation of the argument q leads to sql injection. It is possib... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-12977

    A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiat... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 27, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-12958

    A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_pro_details.php. The manipulation of the argument q leads to sql injection. It is possible to init... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2021-26476

    EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.... Read more

    Affected Products : eprints
    • Published: Mar. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27886

    rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.... Read more

    Affected Products : docker_dashboard
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293983 Results