Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-22320

    IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute... Read more

    Affected Products : operational_decision_manager
    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22415

    jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access con... Read more

    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0558

    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22891

    Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.... Read more

    Affected Products : nteract
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2019-7260

    Linear eMerge E3-Series devices have Cleartext Credentials in a Database.... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23059

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-49626

    Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through 1.2.... Read more

    Affected Products : shipyaari_shipping_management
    • Published: Oct. 20, 2024
    • Modified: Oct. 23, 2024

  • 9.8

    CRITICAL
    CVE-2020-19107

    SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : online_book_store_project_in_php
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-19112

    SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : online_book_store_project_in_php
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23605

    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : llama.cpp
    • Published: Feb. 26, 2024
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-40008

    SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c.... Read more

    Affected Products : swftools
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-23731

    The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.... Read more

    Affected Products : embedchain
    • Published: Jan. 21, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-0782

    The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), ... Read more

    Affected Products : donations
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28390

    An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.... Read more

    Affected Products : ultimateimagetool image_toolbox\
    • Published: Mar. 14, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-40202

    The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup sc... Read more

    Affected Products : infrasuite_device_master
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2283

    A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch th... Read more

    Affected Products : automated-mess-management-system
    • Published: Mar. 08, 2024
    • Modified: Mar. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-12834

    eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being... Read more

    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24325

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-31856

    A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.... Read more

    Affected Products : cp300\+_firmware cp300\+
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-29684

    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.... Read more

    Affected Products : dedecms
    • Published: Mar. 26, 2024
    • Modified: Apr. 01, 2025
Showing 20 of 293645 Results