Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-35396

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.

    Affected Products : cp900_firmware cp900l_firmware cp900l
    • Published: May. 24, 2024
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-35373

    Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.

    Affected Products : mocodo_online
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-35374

    Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain ...

    Affected Products : mocodo_online
    • Published: May. 24, 2024
    • Modified: Jun. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-5350

    A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remot...

    Affected Products : report aj-report
    • Published: May. 25, 2024
    • Modified: Mar. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-5351

    A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be...

    Affected Products : report aj-report
    • Published: May. 26, 2024
    • Modified: Mar. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-26289

    Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.

    Affected Products : pmb pmb
    • Published: May. 27, 2024
    • Modified: Apr. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-35398

    TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.

    Affected Products : cp900l_firmware cp900l
    • Published: May. 28, 2024
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-3969

    XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload ...

    Affected Products : imanager
    • Published: May. 28, 2024
    • Modified: Jan. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-35324

    Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.

    Affected Products : douchat
    • Published: May. 28, 2024
    • Modified: Jun. 23, 2025
  • 9.8

    CRITICAL
    CVE-2021-32990

    FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

    Affected Products : winproladder
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-34919

    An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file.

    Affected Products :
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-35354

    A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection.

    Affected Products : dino_physics_school_assistant
    • Published: May. 30, 2024
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-35469

    A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.

    Affected Products : human_resource_management_system
    • Published: May. 30, 2024
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2021-22367

    There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass.

    Affected Products : emui magic_ui
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-36246

    Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

    Affected Products :
    • Published: May. 31, 2024
    • Modified: Apr. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-5589

    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. I...

    • Published: Jun. 03, 2024
    • Modified: Feb. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-5590

    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulati...

    • Published: Jun. 03, 2024
    • Modified: Feb. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-36568

    Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.

    • Published: Jun. 03, 2024
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-37019

    Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication.

    Affected Products : mender
    • Published: Jun. 03, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-31682

    Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API.

    Affected Products :
    • Published: Jun. 03, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293604 Results