Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-32994

    Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.... Read more

    Affected Products : halo
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34132

    Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.... Read more

    Affected Products : jorani
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20125

    A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack ... Read more

    Affected Products : online_hotel_booking_system
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4144

    There is an object injection vulnerability in swfupload plugin for wordpress.... Read more

    Affected Products : swfupload
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33312

    Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigge... Read more

    Affected Products : r1510_firmware r1510
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33327

    Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger ... Read more

    Affected Products : r1510_firmware r1510
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32324

    PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.... Read more

    Affected Products : pdfalto
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32533

    Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is ... Read more

    Affected Products : jetspeed
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34597

    Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-55660

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allo... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-11015

    The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access tok... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-10124

    The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and includ... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2025-4115

    A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. Th... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45019

    A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-31570

    The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : ceneo-web-scrapper
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-30392

    Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_ai_bot_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4142

    A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was c... Read more

    Affected Products : ex6200_firmware ex6120
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4161

    A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 01, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-22997

    Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.... Read more

    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35628

    A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.... Read more

    Affected Products : living_user_experience
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294273 Results