Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-48070

    An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges... Read more

    Affected Products : e-cology
    • Published: Nov. 19, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2018-9341

    In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2022-1731

    Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.... Read more

    Affected Products : metasonic_doc_webclient
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52759

    D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.... Read more

    Affected Products : di-8003_firmware di-8003
    • Published: Nov. 19, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2022-24108

    The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code executio... Read more

    Affected Products : so_listing_tabs
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52442

    Incorrect Privilege Assignment vulnerability in Userplus UserPlus allows Privilege Escalation.This issue affects UserPlus: from n/a through 2.0.... Read more

    Affected Products : userplus
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10094

    Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code... Read more

    Affected Products : infinity
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9479

    In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.  User interaction is ... Read more

    Affected Products : android
    • Published: Nov. 20, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2022-28660

    The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode... Read more

    Affected Products : grafana
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29224

    An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : gocast
    • Published: Nov. 21, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-11591

    A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument sername leads to sql injection. It is po... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 21, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-51366

    An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Dec. 04, 2024

  • 9.8

    CRITICAL
    CVE-2023-24467

    Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.... Read more

    Affected Products : imanager
    • Published: Nov. 22, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-51641

    Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this... Read more

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-5716

    Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerabi... Read more

    Affected Products : unified_secops_platform
    • Published: Nov. 22, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-29650

    Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.... Read more

    Affected Products : online_food_ordering_system
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47138

    The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.... Read more

    Affected Products : mypro
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2023-7299

    A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely.... Read more

    Affected Products : datagear
    • Published: Nov. 23, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-53911

    An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.... Read more

    Affected Products : enterprise_vault
    • Published: Nov. 24, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-53913

    An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.... Read more

    Affected Products : enterprise_vault
    • Published: Nov. 24, 2024
    • Modified: Nov. 29, 2024
Showing 20 of 294433 Results