Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-6868

    mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloadi... Read more

    Affected Products : localai
    • Published: Oct. 29, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2022-23884

    Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).... Read more

    Affected Products : bedrock_server
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0679

    The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticate... Read more

    Affected Products : narnoo_distributor
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48206

    A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10507

    A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be ini... Read more

    • Published: Oct. 30, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-50507

    Deserialization of Untrusted Data vulnerability in Daniel Schmitzer DS.DownloadList allows Object Injection.This issue affects DS.DownloadList: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-50419

    Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7.... Read more

    • Published: Oct. 30, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-24693

    Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the c... Read more

    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48112

    A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.... Read more

    Affected Products : thinkphp
    • Published: Oct. 30, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-48307

    JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.... Read more

    Affected Products : jeecg_boot
    • Published: Oct. 31, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-10392

    The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated ... Read more

    Affected Products : aipower
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10595

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injectio... Read more

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10616

    A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack ... Read more

    Affected Products : office_anywhere
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10617

    A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : office_anywhere
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10655

    A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiat... Read more

    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2021-43479

    A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.... Read more

    Affected Products : the_secretary
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10657

    A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approve_center/prcs_info.php. The manipulation of the argument RUN_ID leads to sql injection. It is possible to launch the att... Read more

    Affected Products : office_anywhere
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-37463

    Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.... Read more

    Affected Products : crm_perks_forms
    • Published: Nov. 01, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-27501

    Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.... Read more

    Affected Products : myvue speech vue_motion vue_pacs
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27534

    Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automati... Read more

    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293973 Results