Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-53507

    A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.... Read more

    Affected Products : siyuan
    • Published: Nov. 29, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-37404

    There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3... Read more

    Affected Products : hadoop
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-49415

    Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : android android
    • Published: Dec. 03, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-52275

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-40744

    Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.... Read more

    Affected Products : convert_forms
    • Published: Dec. 04, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-52544

    An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Sep. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-12229

    A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql inject... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-37861

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2021-41408

    VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.... Read more

    Affected Products : voipmonitor
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-53805

    Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.... Read more

    Affected Products : wp_mailster mailster
    • Published: Dec. 06, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-53807

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.... Read more

    Affected Products : wp_mailster
    • Published: Dec. 06, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-54135

    ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. Us... Read more

    Affected Products : clipbucket
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-54747

    WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products : wn531p3_firmware
    • Published: Dec. 06, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-47547

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-52320

    The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-48874

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their in... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-38924

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl l... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-41649

    Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2022-31374

    An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22701

    Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.... Read more

    Affected Products : ebook_store
    • Published: Dec. 09, 2024
    • Modified: Feb. 27, 2025
Showing 20 of 293620 Results