Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-34331

    A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.... Read more

    Affected Products : parallels_desktop
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2022-21686

    PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There ar... Read more

    Affected Products : prestashop
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26686

    File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.... Read more

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-26689

    An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.... Read more

    Affected Products : cs-cart_multivendor
    • Published: Sep. 25, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-42797

    An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.... Read more

    Affected Products : music_management_system
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-8275

    The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack o... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-47078

    Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connect... Read more

    • Published: Sep. 25, 2024
    • Modified: Dec. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-7772

    The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload... Read more

    Affected Products : jupiter_x_core jupiterx
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024

  • 9.8

    CRITICAL
    CVE-2021-44971

    Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injectio... Read more

    Affected Products : ac15_firmware ac5_firmware ac15 ac5
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9280

    A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads... Read more

    Affected Products : kvf-admin
    • Published: Sep. 27, 2024
    • Modified: Oct. 04, 2024

  • 9.8

    CRITICAL
    CVE-2021-40408

    An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided throug... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8310

    OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 9.8

    CRITICAL
    CVE-2021-46444

    H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.... Read more

    Affected Products : multistore
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-46293

    Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token.... Read more

    • Published: Sep. 30, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-9194

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, f... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Sep. 30, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-0320

    The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary ... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46226

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46228

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46232

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9429

    A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql inject... Read more

    Affected Products : restaurant_reservation_system
    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024
Showing 20 of 293615 Results