Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-5353

    A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The... Read more

    Affected Products : report
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22770

    The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software ... Read more

    Affected Products : auditsafe
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-31777

    File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.... Read more

    Affected Products : open_eclass_platform openeclass
    • Published: Jun. 13, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-3203

    A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible ... Read more

    Affected Products : c-blosc2
    • Published: Apr. 02, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2023-28151

    An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.... Read more

    Affected Products : jspreadsheet
    • Published: Mar. 24, 2023
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-27227

    A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues... Read more

    Affected Products : android
    • Published: Mar. 11, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-40766

    Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.... Read more

    Affected Products : omni_cms
    • Published: Sep. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40797

    Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server config... Read more

    Affected Products : roxy_fileman
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-22831

    An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.... Read more

    Affected Products : tessa
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22845

    QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.... Read more

    Affected Products : homer_webapp
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40829

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5359

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible... Read more

    Affected Products : zoo_management_system
    • Published: May. 26, 2024
    • Modified: Feb. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40851

    Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-54811

    A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.... Read more

    • Published: Dec. 12, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-5378

    A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql... Read more

    • Published: May. 26, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-27939

    A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with ... Read more

    Affected Products : ruggedcom_crossbow
    • Published: May. 14, 2024
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-40869

    Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2021-26687

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).... Read more

    Affected Products : android
    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-33078

    Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution.... Read more

    Affected Products : libpag
    • Published: May. 01, 2024
    • Modified: Sep. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-28194

    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens fo... Read more

    Affected Products : your_spotify
    • Published: Mar. 13, 2024
    • Modified: Feb. 12, 2025
Showing 20 of 294276 Results