Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-8310

    OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.... Read more

    Affected Products :
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024

  • 9.8

    CRITICAL
    CVE-2021-46444

    H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.... Read more

    Affected Products : multistore
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-46293

    Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token.... Read more

    • Published: Sep. 30, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-9194

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, f... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Sep. 30, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-0320

    The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary ... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46226

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46228

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-46232

    D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.... Read more

    Affected Products : di-7200gv2_firmware di-7200gv2
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9429

    A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql inject... Read more

    Affected Products : restaurant_reservation_system
    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-24122

    A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project f... Read more

    Affected Products : edraw
    • Published: Oct. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7824

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2... Read more

    Affected Products : secureanywhere_web_shield
    • Published: Oct. 03, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-7826

    Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.... Read more

    Affected Products : secureanywhere_web_shield
    • Published: Oct. 03, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-43699

    Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.... Read more

    Affected Products : diaenergie
    • Published: Oct. 03, 2024
    • Modified: Oct. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-47656

    This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to ga... Read more

    Affected Products : client_dashboard client_dashboard
    • Published: Oct. 04, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9536

    A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be... Read more

    Affected Products : cdg
    • Published: Oct. 05, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-20100

    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Iss... Read more

    Affected Products : android iot_yocto mt6985 mt6989 mt6990 mt8183 mt8676 mt8678 mt8755 mt8775 +9 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-46076

    RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.... Read more

    Affected Products : ruoyi
    • Published: Oct. 07, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-22810

    A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (... Read more

    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45873

    A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 10, 2024

  • 9.8

    CRITICAL
    CVE-2022-24311

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to re... Read more

    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294505 Results