Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-3038

    SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the ap...

    Affected Products : helpdezk
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-25367

    Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.

    • Published: Jun. 14, 2023
    • Modified: Jan. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-33269

    SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method.

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-44402

    D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.

    Affected Products : di-8100g_firmware di-8100g
    • Published: Sep. 06, 2024
    • Modified: Sep. 10, 2024
  • 9.8

    CRITICAL
    CVE-2023-27507

    MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.

    Affected Products : mailform
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2024-24091

    Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.

    Affected Products : yealink_meeting_server
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24202

    An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.

    Affected Products : zentao zentao_biz zentao_max
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-24328

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-30352

    Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.

    Affected Products : cp3_firmware cp3
    • Published: May. 10, 2023
    • Modified: Jan. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-24962

    A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an un...

    • Published: May. 28, 2024
    • Modified: Feb. 12, 2025
  • 9.8

    CRITICAL
    CVE-2022-2177

    Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

    Affected Products : kayrasoft
    • Published: Sep. 20, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-25211

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.

    Affected Products : simple_expense_tracker_app
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-2537

    Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.

    Affected Products : logi_tune
    • Published: Mar. 15, 2024
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2023-5260

    A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. ...

    Affected Products : simple_membership_system
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-47636

    Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.

    Affected Products : jobsearch_wp_job_board jobsearch
    • Published: Oct. 10, 2024
    • Modified: Nov. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-21508

    Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

    Affected Products : mysql2
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-48150

    D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

    Affected Products : dir-820l_firmware dir-820l
    • Published: Oct. 14, 2024
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-48218

    Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-48229

    funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin.

    Affected Products : funadmin
    • Published: Oct. 25, 2024
    • Modified: Oct. 31, 2024
  • 9.8

    CRITICAL
    CVE-2024-49052

    Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.

    Affected Products : azure_functions
    • Published: Nov. 26, 2024
    • Modified: Feb. 05, 2025