Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-2876

    The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and in... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39457

    Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit... Read more

    Affected Products : scada_data_gateway
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-40493

    LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this ... Read more

    Affected Products : simple_editor
    • Published: May. 03, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-40504

    LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulner... Read more

    Affected Products : simple_editor
    • Published: May. 03, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2020-18166

    Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".... Read more

    Affected Products : laobancms
    • Published: May. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42121

    Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability... Read more

    Affected Products : webpanel
    • Published: May. 03, 2024
    • Modified: Aug. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51576

    Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51583

    Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not require... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51595

    Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not requ... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-4466

    SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database.... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4548

    An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perfor... Read more

    Affected Products : diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-33124

    Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function..... Read more

    Affected Products : roothub
    • Published: May. 07, 2024
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-33153

    J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.... Read more

    Affected Products : j2eefast
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-33164

    J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function.... Read more

    Affected Products : j2eefast
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2021-20721

    KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload arbitrary files via unspecified vectors. If the file contains PHP scripts, arbitrary code may be executed.... Read more

    Affected Products : konawiki
    • Published: May. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4393

    The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it po... Read more

    Affected Products :
    • Published: May. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25523

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-25529

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-25532

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-12784

    A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the... Read more

    Affected Products : vehicle_management_system
    • Published: Dec. 19, 2024
    • Modified: Feb. 11, 2025
Showing 20 of 294264 Results