Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-12229

    A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql inject... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-37861

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file.... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2021-41408

    VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.... Read more

    Affected Products : voipmonitor
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-53805

    Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.... Read more

    Affected Products : wp_mailster mailster
    • Published: Dec. 06, 2024
    • Modified: Feb. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-53807

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.... Read more

    Affected Products : wp_mailster
    • Published: Dec. 06, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-54135

    ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. Us... Read more

    Affected Products : clipbucket
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-54747

    WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products : wn531p3_firmware
    • Published: Dec. 06, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-47547

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-52320

    The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-48874

    Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their in... Read more

    Affected Products : reyee_os
    • Published: Dec. 06, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-38924

    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl l... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-41649

    Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_.... Read more

    • Published: Dec. 06, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2022-31374

    An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22701

    Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.... Read more

    Affected Products : ebook_store
    • Published: Dec. 09, 2024
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-31802

    In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the correspond... Read more

    Affected Products : gateway
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31806

    In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.... Read more

    Affected Products : plcwinnt runtime_toolkit
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21829

    Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests o... Read more

    Affected Products : concrete_cms concrete5
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50903

    Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0.... Read more

    • Published: Dec. 09, 2024
    • Modified: Mar. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-51353

    Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.... Read more

    Affected Products : popup
    • Published: Dec. 09, 2024
    • Modified: Mar. 10, 2025

  • 9.8

    CRITICAL
    CVE-2021-39409

    A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.... Read more

    Affected Products : online_student_rate_system
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294824 Results