Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-34597

    Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-55660

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allo... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-11015

    The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access tok... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-10124

    The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and includ... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2025-4115

    A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. Th... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45019

    A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-31570

    The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : ceneo-web-scrapper
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-30392

    Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_ai_bot_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4142

    A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was c... Read more

    Affected Products : ex6200_firmware ex6120
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4161

    A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-22997

    Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.... Read more

    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35628

    A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.... Read more

    Affected Products : living_user_experience
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-46566

    DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.... Read more

    Affected Products : dataease
    • Published: May. 01, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2022-35857

    kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file.... Read more

    Affected Products : kvf-admin
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0077

    Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.... Read more

    Affected Products : router_manager
    • Published: Jan. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-30113

    Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.... Read more

    Affected Products : electronic_mall_system
    • Published: Jul. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-3746

    The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. Thi... Read more

    Affected Products :
    • Published: May. 02, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3709

    Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack.... Read more

    Affected Products : agentflow
    • Published: May. 02, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2022-27434

    UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.... Read more

    Affected Products : teta
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-46442

    An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 11, 2024
Showing 20 of 293620 Results