Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10278

    A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible... Read more

    Affected Products : cdg
    • Published: Oct. 23, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2023-2345

    A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper author... Read more

    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10432

    A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql in... Read more

    Affected Products : simple_web-based_chat_application
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-33800

    A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.... Read more

    • Published: May. 28, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-12791

    A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotel... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-37806

    Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient.... Read more

    Affected Products : ac1206_firmware ac1206
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10615

    A vulnerability was found in Tongda OA 2017 up to 11.10. It has been rated as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/query/list/input_form/delete_data_attach.php. The manipulation of the argument... Read more

    • Published: Nov. 01, 2024
    • Modified: Nov. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-0525

    A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/long_s_short.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql i... Read more

    Affected Products : url-shorting
    • Published: Jan. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10741

    A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file /Users/registration.php. The manipulation of the argument f_name leads to sql injection. The attack ca... Read more

    Affected Products : e-health_care_system
    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-10752

    A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiat... Read more

    Affected Products : pet_shop_management_system
    • Published: Nov. 04, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-33806

    A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.... Read more

    • Published: May. 28, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-3789

    A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has bee... Read more

    Affected Products : tim_campus_confession_wall
    • Published: Nov. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41119

    streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in t... Read more

    Affected Products : streamlit-geospatial
    • Published: Jul. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4323

    Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup... Read more

    Affected Products : raid_controller_web_interface
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-41704

    LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.... Read more

    Affected Products : librechat
    • Published: Jul. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4173

    A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. ... Read more

    Affected Products : brocade_sannav
    • Published: Apr. 25, 2024
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-52309

    Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. ... Read more

    Affected Products : paddlepaddle
    • Published: Jan. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-20079

    In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; I... Read more

    Affected Products : android mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 mt6875 +20 more products
    • Published: Jul. 01, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-4338

    Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers... Read more

    Affected Products : raid_controller_web_interface
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11661

    A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argume... Read more

    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024
Showing 20 of 294289 Results