Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-31182

    EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method. ... Read more

    Affected Products : easytor
    • Published: May. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21825

    A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file t... Read more

    Affected Products : llama.cpp
    • Published: Feb. 26, 2024
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2021-25209

    SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_user.php .... Read more

    Affected Products : theme_park_ticketing_system
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43488

    Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.... Read more

    Affected Products : visual_studio_code
    • Published: Oct. 08, 2024
    • Modified: Oct. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38352

    ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.... Read more

    Affected Products : thinkphp
    • Published: Sep. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12999

    A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remote... Read more

    Affected Products : small_crm
    • Published: Dec. 29, 2024
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-24200

    Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.... Read more

    Affected Products : raffle_draw_system
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-3038

    SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the ap... Read more

    Affected Products : helpdezk
    • Published: Oct. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-25367

    Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.... Read more

    • Published: Jun. 14, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-33269

    SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method.... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-44402

    D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.... Read more

    Affected Products : di-8100g_firmware di-8100g
    • Published: Sep. 06, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2023-27507

    MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.... Read more

    Affected Products : mailform
    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-24091

    Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.... Read more

    Affected Products : yealink_meeting_server
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24202

    An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.... Read more

    Affected Products : zentao zentao_biz zentao_max
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24328

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30352

    Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.... Read more

    Affected Products : cp3_firmware cp3
    • Published: May. 10, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-24962

    A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an un... Read more

    • Published: May. 28, 2024
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-2177

    Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.... Read more

    Affected Products : kayrasoft
    • Published: Sep. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25211

    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.... Read more

    Affected Products : simple_expense_tracker_app
    • Published: Feb. 14, 2024
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-2537

    Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.... Read more

    Affected Products : logi_tune
    • Published: Mar. 15, 2024
    • Modified: Apr. 09, 2025
Showing 20 of 294277 Results