Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-3528

    A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched ... Read more

    Affected Products : thinu-cms
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-29954

    Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255.... Read more

    Affected Products : hubs_cloud_reticulum hubs_cloud
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30014

    SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.... Read more

    Affected Products : judging_management_system
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-2688

    A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from... Read more

    Affected Products : expense_management_system
    • Published: Aug. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-30077

    Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.... Read more

    Affected Products : judging_management_system
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-39970

    Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution.... Read more

    Affected Products : acymailing_starter
    • Published: Aug. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-35839

    A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload.... Read more

    Affected Products : solon
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-44076

    In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.... Read more

    Affected Products : microcks
    • Published: Aug. 19, 2024
    • Modified: Aug. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30149

    Composr 10.0.36 allows upload and execution of PHP files.... Read more

    Affected Products : composr composr_cms
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12792

    A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launche... Read more

    Affected Products : e-commerce_site
    • Published: Dec. 19, 2024
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2021-30175

    ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.... Read more

    Affected Products : web_server
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3658

    A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argu... Read more

    Affected Products : ac_repair_and_services_system
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-44558

    Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-44677

    eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.... Read more

    Affected Products : eladmin
    • Published: Sep. 10, 2024
    • Modified: Mar. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-44553

    Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2022-4607

    A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to... Read more

    Affected Products : ogc_web_feature_service
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3422

    A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack c... Read more

    Affected Products : online_courseware
    • Published: Apr. 07, 2024
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2021-30230

    The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter.... Read more

    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40582

    find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands i... Read more

    Affected Products : find-exec
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12969

    A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument u... Read more

    • Published: Dec. 26, 2024
    • Modified: Mar. 28, 2025
Showing 20 of 294267 Results