Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11145

    Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.... Read more

    Affected Products :
    • Published: Nov. 26, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-49035

    An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.... Read more

    Affected Products : partner_center
    • Actively Exploited
    • Published: Nov. 26, 2024
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-53673

    A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 26, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2021-44055

    An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fi... Read more

    Affected Products : video_station
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0788

    The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users... Read more

    • Published: Jun. 08, 2022
    • Modified: Dec. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-53604

    A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.... Read more

    Affected Products : covid19_testing_management_system
    • Published: Nov. 27, 2024
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-29013

    A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.... Read more

    Affected Products : sila_firmware sila
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-25065

    A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to t... Read more

    Affected Products : opennetadmin
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11103

    The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This ma... Read more

    Affected Products : contest_gallery
    • Published: Nov. 28, 2024
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2017-20028

    A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able t... Read more

    Affected Products : humhub
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25845

    The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote s... Read more

    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-41755

    dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php.... Read more

    Affected Products : dynamicmarkt
    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9921

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.... Read more

    Affected Products : team\+_pro
    • Published: Oct. 14, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-52777

    DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php.... Read more

    Affected Products : dcme-520_firmware
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-52779

    DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php.... Read more

    Affected Products : dcme-520_firmware
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-52781

    DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php.... Read more

    Affected Products : dcme-520_firmware
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-36622

    In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.... Read more

    Affected Products : raspap raspap-webgui
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-49803

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.... Read more

    Affected Products : security_verify_access
    • Published: Nov. 29, 2024
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-53504

    A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.... Read more

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-53505

    A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.... Read more

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025
Showing 20 of 293620 Results