Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-48322

    NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P be... Read more

    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-27114

    A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is ... Read more

    Affected Products : soplanning
    • Published: Sep. 11, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2023-24646

    An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : online_food_ordering_system
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-5396

    The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not having a capability check, nor validating user supplied input passed directly t... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5213

    A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_file.php. The manipulation of the argument ID leads to sql ... Read more

    Affected Products : responsive_e-learning_system
    • Published: May. 27, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-53867

    Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-24161

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Feb. 14, 2023
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-7751

    A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sq... Read more

    Affected Products : online_appointment_booking_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-46892

    In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.... Read more

    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-23460

    Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.... Read more

    Affected Products : priority
    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2020-21119

    SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.... Read more

    Affected Products : kliqqi_cms
    • Published: Feb. 15, 2023
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-24238

    TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Feb. 16, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-7831

    A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible to initiate the... Read more

    Affected Products : church_donation_system
    • Published: Jul. 19, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-29168

    SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.... Read more

    • Published: Feb. 17, 2023
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-23064

    TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.... Read more

    Affected Products : a720r_firmware a720r
    • Published: Feb. 17, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-48328

    app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.... Read more

    Affected Products : misp
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-10019

    A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to addr... Read more

    Affected Products : oaicat
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25613

    An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. ... Read more

    Affected Products : identity_backend kerby_ldap_backend
    • Published: Feb. 20, 2023
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-23452

    Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.... Read more

    • Published: Feb. 20, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-23453

    Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.... Read more

    • Published: Feb. 20, 2023
    • Modified: Mar. 18, 2025
Showing 20 of 294358 Results