Latest CVE Feed
-
9.8
CRITICAL CVE-2024-36533
Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
- Published: Jul. 24, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-42169
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
- Published: Oct. 17, 2022
- Modified: May. 15, 2025
-
9.8
CRITICAL CVE-2023-34849
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1.
Affected Products: ikuaios
- Published: Jun. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2025-0205
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remote...
Affected Products: online_shoe_store
- Published: Jan. 04, 2025
- Modified: Jan. 22, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2024-36573
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component.
- Published: Jun. 17, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-31848
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
- Published: Apr. 05, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-8420
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attacke...
Affected Products: dhvc_form
- Published: Feb. 28, 2025
- Modified: Mar. 06, 2025
- Vuln Type: Authentication
-
9.8
CRITICAL CVE-2024-9930
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unaut...
- Published: Oct. 26, 2024
- Modified: Oct. 28, 2024
-
9.8
CRITICAL CVE-2024-8450
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.
- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
9.8
CRITICAL CVE-2023-7159
A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted uplo...
Affected Products: masterlab
- Published: Dec. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27817
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
Affected Products: shopxo
- Published: Mar. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2024-36782
TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- Published: Jun. 03, 2024
- Modified: May. 30, 2025
-
9.8
CRITICAL CVE-2023-31475
An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size o...
Affected Products: gl-e750_firmware gl-mt3000_firmware gl-mt1300_firmware gl-mt300n-v2_firmware gl-ar750s_firmware gl-ar750_firmware gl-ar300m_firmware gl-b1300_firmware gl-a1300_firmware gl-ax1800_firmware +54 more products
- Published: May. 11, 2023
- Modified: Jan. 27, 2025
-
9.8
CRITICAL CVE-2024-9080
A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possibl...
Affected Products: student_record_system
- Published: Sep. 22, 2024
- Modified: Sep. 26, 2024
-
9.8
CRITICAL CVE-2024-40425
File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.
Affected Products: sparkshop
- Published: Jul. 16, 2024
- Modified: Apr. 28, 2025
-
9.8
CRITICAL CVE-2023-7248
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue...
Affected Products: vertica
- Published: Mar. 15, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2025-6407
A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /user-login.php. The manipulation of the argument Username leads to sql injection. It is possible to ...
Affected Products: online_hospital_management_system
- Published: Jun. 21, 2025
- Modified: Jun. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-27909
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
Affected Products: concert
- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICAL CVE-2025-1113
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be in...
Affected Products: tarzan-cms
- Published: Feb. 07, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICAL CVE-2025-31355
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vu...
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authentication