Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-2145

    A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been classified as critical. Affected is an unknown function of the file projects_per_curriculum.php. The manipulation of the argument id leads to sql injection. It is possi... Read more

    Affected Products : online_thesis_archiving_system
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28254

    A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.... Read more

    Affected Products : laravel
    • Published: Apr. 19, 2023
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-57686

    A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.... Read more

    Affected Products : land_record_system
    • Published: Jan. 10, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-29971

    Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals.... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-2244

    A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id l... Read more

    • Published: Apr. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-57225

    Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.... Read more

    Affected Products : e7350_firmware e7350
    • Published: Jan. 10, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12847

    NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulner... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-31060

    Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.... Read more

    Affected Products : repetier-server
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2023-25132

    Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux... Read more

    Affected Products : powerpanel
    • Published: Apr. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24823

    RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between ... Read more

    Affected Products : riot
    • Published: Apr. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27848

    broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.... Read more

    Affected Products : broccoli-compass
    • Published: Apr. 24, 2023
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2012-5872

    ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.... Read more

    Affected Products : arc2
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-30404

    Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.... Read more

    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-39989

    An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials.... Read more

    Affected Products : fighting_cock_information_system
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-30211

    OURPHP <= 7.2.0 is vulnerable to SQL Injection.... Read more

    Affected Products : ourphp
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-30363

    vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts.... Read more

    Affected Products : vconsole
    • Published: Apr. 26, 2023
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-2297

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient... Read more

    Affected Products : profile_builder
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30467

    This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit... Read more

    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2369

    A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The ... Read more

    Affected Products : faculty_evaluation_system
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27973

    Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.... Read more

    • Published: Apr. 28, 2023
    • Modified: Jan. 30, 2025
Showing 20 of 294283 Results