Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-36515

    Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.... Read more

    Affected Products : learnpress
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34994

    In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`.... Read more

    Affected Products :
    • Published: Jun. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4742

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient esc... Read more

    Affected Products : youzify
    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4098

    The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the serv... Read more

    Affected Products : shariff_wrapper
    • Published: Jun. 20, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-6194

    A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the argument id leads to sql injection. It is possible to la... Read more

    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-37699

    An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption.... Read more

    Affected Products :
    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6027

    The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of suff... Read more

    Affected Products : product_filter
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38389

    Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through 3.3.8.... Read more

    Affected Products : jupiter_x_core
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38563

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorre... Read more

    Affected Products : pdf_reader pdf_editor
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6266

    A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. Affected is an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exp... Read more

    Affected Products : pear_admin_boot
    • Published: Jun. 23, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34313

    An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint.... Read more

    Affected Products :
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-37843

    Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.... Read more

    Affected Products : craft_cms
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5683

    Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.... Read more

    Affected Products :
    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-39243

    An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.... Read more

    Affected Products : skycaiji
    • Published: Jun. 26, 2024
    • Modified: Jun. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-1107

    Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.... Read more

    Affected Products : travel_apps
    • Published: Jun. 27, 2024
    • Modified: Sep. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-39669

    In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security.... Read more

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-35260

    An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.... Read more

    Affected Products : power_platform
    • Published: Jun. 27, 2024
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-5822

    A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server... Read more

    Affected Products : chuanhuchatgpt
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-6265

    The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to... Read more

    Affected Products : userswp
    • Published: Jun. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-20078

    In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.... Read more

    Affected Products : android mt6779 mt8791t mt8797 mt6768 mt8321 mt8765 mt8766 mt8768 mt8781 +11 more products
    • Published: Jul. 01, 2024
    • Modified: May. 28, 2025
Showing 20 of 293606 Results