Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-6728

    A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file typeedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate th... Read more

    • Published: Jul. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2907

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. ... Read more

    Affected Products : marksoft
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23611

    iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users... Read more

    Affected Products : itunesrpc-remastered
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-33808

    A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.... Read more

    • Published: May. 28, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-54918

    Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2024-54931

    A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-6401

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.... Read more

    Affected Products : insuree_gl
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-36445

    Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication.... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6102

    A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Affected is an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. The manipulation lea... Read more

    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2923

    A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exp... Read more

    Affected Products : ac6_firmware ac6
    • Published: May. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33556

    TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-6229

    Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP67... Read more

    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27314

    SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.... Read more

    Affected Products : doctor_appointment_system
    • Published: Mar. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7098

    Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.... Read more

    Affected Products : winsure
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-7374

    A vulnerability classified as critical was found in SourceCodester Simple Realtime Quiz System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiat... Read more

    Affected Products : simple_realtime_quiz_system
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024

  • 9.8

    CRITICAL
    CVE-2022-41772

    Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. ... Read more

    Affected Products : infrasuite_device_master
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5653

    A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack m... Read more

    Affected Products : t\+
    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6164

    The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP... Read more

    Affected Products : filter_\&_grids
    • Published: Jul. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29461

    An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in th... Read more

    Affected Products : arena arena_simulation
    • Published: May. 09, 2023
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-7857

    The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplie... Read more

    Affected Products : media_library_folders
    • Published: Aug. 29, 2024
    • Modified: Mar. 13, 2025
Showing 20 of 294316 Results