Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41461

    Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.... Read more

    Affected Products : fh1201_firmware fh1201 fh1201_firmware
    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7007

    Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application.... Read more

    Affected Products : tra7005_firmware tra7005
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-26520

    An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.... Read more

    Affected Products :
    • Published: Jul. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-40117

    Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 12... Read more

    Affected Products :
    • Published: Jul. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41120

    streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_🔲_Vector_Data_Visualization.py` takes user input, which is later passed to t... Read more

    Affected Products : streamlit-geospatial
    • Published: Jul. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5670

    The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.... Read more

    Affected Products : mail_sqr_expert sn_os
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7188

    A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to sql injection. T... Read more

    Affected Products : quicklancer
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7196

    A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument us... Read more

    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41511

    The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.... Read more

    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38823

    The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.... Read more

    Affected Products : icehrm
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41093

    Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additiona... Read more

    Affected Products : wire
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-37858

    SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.... Read more

    • Published: Jul. 29, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2021-3319

    DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/... Read more

    Affected Products : zephyr
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3832

    Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.... Read more

    Affected Products : integria_ims
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-38432

    Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File... Read more

    Affected Products : tafnit
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29903

    IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end d... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-39011

    Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects.... Read more

    Affected Products : redoc redoc
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42090

    An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.... Read more

    Affected Products : zammad
    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7273

    A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remote... Read more

    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37123

    There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allo... Read more

    Affected Products : hero-ct060_firmware hero-ct060
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294270 Results