Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9296

    A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the ... Read more

    Affected Products : emlog
    • Published: Aug. 21, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-8913

    Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.... Read more

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-6187

    A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be ini... Read more

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 20, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-6186

    A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection. It is possible... Read more

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 20, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-6184

    A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename leads to os command inj... Read more

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 20, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-31011

    Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.... Read more

    Affected Products : beescms
    • Published: Apr. 03, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-3739

    A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiate... Read more

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-3738

    A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is p... Read more

    Affected Products : nginx_ui nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-57154

    Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-51543

    An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-32740

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-8610

    AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to ex... Read more

    Affected Products : cyber_backup cyber_backup
    • Published: Aug. 20, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-57157

    Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-54143

    Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141.... Read more

    Affected Products : firefox
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-40535

    Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow via the apn_name_3g parameter in the config_3g_para function.... Read more

    • Published: Jul. 16, 2024
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-9156

    A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is ... Read more

    Affected Products : sports_management_system
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-44373

    A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-24322

    An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trig... Read more

    Affected Products : ac6_firmware ac6
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-5765

    The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : wpstickybar wpstickybar
    • Published: Jul. 30, 2024
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-5497

    A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argum... Read more

    Affected Products : phpwcms
    • Published: Jun. 03, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection
Showing 20 of 294514 Results