Latest CVE Feed
- CVE-2024-20080 (9.8 CRITICAL)
  In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...
  Published: Jul. 01, 2024
  Modified: May. 28, 2025
- CVE-2024-20081 (9.8 CRITICAL)
  In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; I...
  Published: Jul. 01, 2024
  Modified: Mar. 13, 2025
- CVE-2024-38993 (9.8 CRITICAL)
  rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties....
  Affected Products: jsonic
  Published: Jul. 01, 2024
  Modified: Jul. 10, 2025
- CVE-2024-39013 (9.8 CRITICAL)
  2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties....
  Published: Jul. 01, 2024
  Modified: Nov. 21, 2024
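The two prototype pollution entries above (CVE-2024-38993 and CVE-2024-39013) share one bug shape: a recursive merge that copies whatever key names the source object carries. The example below is added here to show that shape and its fix; it is not the jsonic-next or 2o3t-utility source, and the `extendUnsafe`, `extendSafe` and `demo` names, the attacker payload and the `isAdmin` property are all constructed for the illustration.

```javascript
'use strict';

// Vulnerable shape (hypothetical, not the jsonic-next or 2o3t-utility code): a
// recursive merge that trusts every key name in the source object. When the source
// comes from JSON.parse of attacker input, an own property literally named
// "__proto__" resolves on the target to Object.prototype, and the recursion then
// writes the attacker's properties onto every object in the process.
function extendUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      extendUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened version: drop the three keys that reach the prototype chain, only
// recurse into containers the target itself owns (an inherited one is never a
// safe merge destination), and do not treat arrays as plain objects.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function extendSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!hasOwn(target, key) || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      extendSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against a constructed attacker payload and reports what an
// unrelated, freshly created object sees afterwards.
function demo() {
  // Constructed input: what an attacker would send as a JSON body.
  const payload = JSON.parse('{"name": "x", "__proto__": {"isAdmin": true}}');
  const before = ({}).isAdmin;            // undefined
  extendUnsafe({}, payload);
  const afterUnsafe = ({}).isAdmin;       // true: Object.prototype was written to
  delete Object.prototype.isAdmin;        // undo the pollution before the safe run
  const merged = extendSafe({}, payload);
  const afterSafe = ({}).isAdmin;         // still undefined
  return { before, afterUnsafe, afterSafe, mergedKeys: Object.keys(merged) };
}
```

The `delete Object.prototype.isAdmin` line matters: once a prototype is polluted, every later `if (user.isAdmin)` check in the same process is affected, which is the "arbitrary code or DoS" consequence the entries describe. In a real service the only reliable recovery is a restart.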
- CVE-2024-6419 (9.8 CRITICAL)
  A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id leads to SQL injection. The attack...
  Affected Products: medicine_tracker_system
  Published: Jul. 01, 2024
  Modified: Nov. 21, 2024
- CVE-2024-39309 (9.8 CRITICAL)
  Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm...
  Affected Products: parse-server
  Published: Jul. 01, 2024
  Modified: Nov. 21, 2024
- CVE-2021-39614 (9.8 CRITICAL)
  D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values....
  Published: Aug. 23, 2021
  Modified: Nov. 21, 2024
- CVE-2023-41919 (9.8 CRITICAL)
  Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access....
  Published: Jul. 02, 2024
  Modified: Nov. 21, 2024
- CVE-2024-39028 (9.8 CRITICAL)
  An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php....
  Affected Products: seacms
  Published: Jul. 05, 2024
  Modified: Nov. 21, 2024
- CVE-2024-40614 (9.8 CRITICAL)
  EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting....
  Affected Products: egroupware
  Published: Jul. 07, 2024
  Modified: Nov. 21, 2024
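The EGroupware entry above is an ORDER BY injection, which is worth singling out among the SQL injection entries on this page: a database driver binds values, not identifiers, so a client-chosen sort column can never be fixed by switching to placeholders alone. The example below is added here and is not EGroupware's code; the `contacts` table, its column names, the `users`/`password` names inside the constructed attacker value, and the function names are assumptions made for the illustration.

```javascript
'use strict';

// Vulnerable shape (hypothetical, not EGroupware's code): the request's sort key is
// spliced into the statement text. A bound parameter cannot replace it, because
// drivers bind values only, never the identifier or expression after ORDER BY.
function buildQueryUnsafe(sortId, ascending) {
  return `SELECT id, last_name FROM contacts ORDER BY ${sortId} ${ascending ? 'ASC' : 'DESC'}`;
}

// Hardened: the client names a sort key, the server maps it to a fixed, quoted
// column identifier, and any other value is rejected before SQL is built.
// Table and column names are assumed for the illustration.
const SORTABLE_COLUMNS = new Map([
  ['last_name', '"last_name"'],
  ['first_name', '"first_name"'],
  ['modified', '"modified"'],
]);

function buildQuerySafe(sortId, ascending) {
  const column = SORTABLE_COLUMNS.get(String(sortId));
  if (column === undefined) {
    throw new RangeError(`unsupported sort column: ${JSON.stringify(sortId)}`);
  }
  const direction = ascending ? 'ASC' : 'DESC'; // reduced to one of two literals
  return `SELECT id, last_name FROM contacts ORDER BY ${column} ${direction}`;
}

// Constructed attacker value for a sort parameter: a CASE expression makes the
// row order depend on a subquery, so an authenticated user reads data they are
// not allowed to see one true/false answer at a time, just by observing which of
// two orderings comes back (blind injection through ORDER BY).
const INJECTED_SORT =
  "(CASE WHEN (SELECT password FROM users WHERE id=1) LIKE 'a%' THEN last_name ELSE modified END)";

function demo() {
  const unsafe = buildQueryUnsafe(INJECTED_SORT, true);
  let rejected = false;
  try {
    buildQuerySafe(INJECTED_SORT, true);
  } catch (e) {
    rejected = e instanceof RangeError;
  }
  return {
    unsafeLeaksSubquery: unsafe.includes('SELECT password'),
    injectedRejected: rejected,
    safeQuery: buildQuerySafe('last_name', false),
  };
}
```

The same allowlist rule applies to any other identifier taken from a request: table names, column lists for a projection, and LIMIT/OFFSET values, which should be parsed as integers rather than interpolated.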
- CVE-2020-20675 (9.8 CRITICAL)
  Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/....
  Affected Products: nuishop
  Published: Aug. 26, 2021
  Modified: Nov. 21, 2024
- CVE-2020-18106 (9.8 CRITICAL)
  The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection....
  Affected Products: wms
  Published: Aug. 27, 2021
  Modified: Nov. 21, 2024
- CVE-2024-27782 (9.8 CRITICAL)
  Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests....
  Affected Products: fortiaiops
  Published: Jul. 09, 2024
  Modified: Nov. 21, 2024
- CVE-2021-40531 (9.8 CRITICAL)
  Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a te...
  Published: Sep. 06, 2021
  Modified: Nov. 21, 2024
- CVE-2024-37873 (9.8 CRITICAL)
  SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter....
  Affected Products: payroll_management_system_project_in_php_with_source_code
  Published: Jul. 09, 2024
  Modified: Nov. 21, 2024
- CVE-2024-6653 (9.8 CRITICAL)
  A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to SQL injection. ...
  Affected Products: simple_task_list
  Published: Jul. 11, 2024
  Modified: Mar. 03, 2025
- CVE-2024-36522 (9.8 CRITICAL)
  The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which ...
  Affected Products: wicket
  Published: Jul. 12, 2024
  Modified: Jul. 10, 2025
- CVE-2021-28909 (9.8 CRITICAL)
  BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule for brute force attacks. The password could be weak and the default username is known as 'admin'. This is usa...
  Published: Sep. 09, 2021
  Modified: Nov. 21, 2024
- CVE-2024-39887 (9.8 CRITICAL)
  An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL autho...
  Affected Products: superset
  Published: Jul. 16, 2024
  Modified: Feb. 13, 2025
- CVE-2024-36435 (9.8 CRITICAL)
  An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbit...
  Published: Jul. 11, 2024
  Modified: Nov. 21, 2024