Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-26550

    A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field....

    Affected Products : control-m
    • Published: Feb. 25, 2023
    • Modified: Mar. 11, 2025
  • 9.8

    CRITICAL
    CVE-2021-38733

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php....

    Affected Products : semcms
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-5982

    A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the lo...

    Affected Products : chuanhuchatgpt
    • Published: Oct. 29, 2024
    • Modified: Nov. 14, 2024
  • 9.8

    CRITICAL
    CVE-2023-29622

    Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php....

    Affected Products : purchase_order_management
    • Published: Apr. 14, 2023
    • Modified: Feb. 07, 2025
  • 9.8

    CRITICAL
    CVE-2024-8336

    A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sq...

    Affected Products : music_gallery_site
    • Published: Aug. 30, 2024
    • Modified: Sep. 04, 2024
  • 9.8

    CRITICAL
    CVE-2023-29741

    An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database....

    Affected Products : bestweather
    • Published: May. 30, 2023
    • Modified: Jan. 14, 2025
  • 9.8

    CRITICAL
    CVE-2024-8584

    Orca HCM from LEARNING DIGITAL has a Missing Authentication vulnerability, allowing an unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in....

    Affected Products : orca_hcm
    • Published: Sep. 09, 2024
    • Modified: Feb. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-29863

    Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files....

    Affected Products : weblab
    • Published: May. 11, 2023
    • Modified: Jan. 27, 2025
  • 9.8

    CRITICAL
    CVE-2023-2987

    The Wordapp plugin for WordPress is vulnerable to authorization bypass due to use of an insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticate...

    Affected Products : wordapp
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-8331

    A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to in...

    Affected Products : rapidcms
    • Published: Aug. 30, 2024
    • Modified: Sep. 03, 2024
  • 9.8

    CRITICAL
    CVE-2023-29926

    PowerJob V4.3.2 has an unauthorized interface that causes remote code execution....

    Affected Products : powerjob
    • Published: Apr. 20, 2023
    • Modified: Feb. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-8972

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024....

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
  • 9.8

    CRITICAL
    CVE-2023-6852

    A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack re...

    Affected Products : kodexplorer
    • Published: Dec. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-34365

    A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulne...

    Affected Products : yf325_firmware yf325
    • Published: Oct. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-7454

    A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. The attack ma...

    • Published: Aug. 04, 2024
    • Modified: Sep. 07, 2024
  • 9.8

    CRITICAL
    CVE-2024-9518

    The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated at...

    Affected Products : userplus
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024
  • 9.8

    CRITICAL
    CVE-2024-7463

    A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be ini...

    Affected Products : cp900_firmware cp900
    • Published: Aug. 05, 2024
    • Modified: Aug. 15, 2024
  • 9.8

    CRITICAL
    CVE-2025-5306

    Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778...

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 27, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-30371

    In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability....

    Affected Products : ac15_firmware ac15
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-30867

    netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php....

    Affected Products : ns-asg_firmware ns-asg
    • Published: Apr. 01, 2024
    • Modified: Apr. 04, 2025
Showing 20 of 294329 Results