Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-48307

    JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.... Read more

    Affected Products : jeecg_boot
    • Published: Oct. 31, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-10392

    The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated ... Read more

    Affected Products : aipower
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10595

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injectio... Read more

    Affected Products : cdg
    • Published: Oct. 31, 2024
    • Modified: Nov. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-10616

    A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack ... Read more

    Affected Products : office_anywhere
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10617

    A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : office_anywhere
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-10655

    A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiat... Read more

    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2021-43479

    A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.... Read more

    Affected Products : the_secretary
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10657

    A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approve_center/prcs_info.php. The manipulation of the argument RUN_ID leads to sql injection. It is possible to launch the att... Read more

    Affected Products : office_anywhere
    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-37463

    Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.... Read more

    Affected Products : crm_perks_forms
    • Published: Nov. 01, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-27501

    Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.... Read more

    Affected Products : myvue speech vue_motion vue_pacs
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27534

    Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automati... Read more

    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43323

    Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.... Read more

    Affected Products : reviewx
    • Published: Nov. 01, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-43919

    Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10.... Read more

    Affected Products : yet_another_related_posts_plugin
    • Published: Nov. 01, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-43979

    Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10.... Read more

    Affected Products : blockbooster
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-43998

    Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.... Read more

    Affected Products : blogpoet
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-47321

    Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1.... Read more

    Affected Products : wp_datepicker
    • Published: Nov. 01, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-47358

    Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2.... Read more

    Affected Products : popup_maker
    • Published: Nov. 01, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-10659

    A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java. The manipulation of the argument... Read more

    Affected Products : cdg
    • Published: Nov. 01, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2021-32986

    After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming... Read more

    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10697

    A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to... Read more

    Affected Products : ac6_firmware ac6
    • Published: Nov. 02, 2024
    • Modified: Apr. 05, 2025
Showing 20 of 294836 Results