Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41316

    TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.... Read more

    Affected Products : a6000r_firmware a6000r
    • Published: Jul. 22, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-40841

    Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node,"... Read more

    Affected Products : ac6_firmware ac6
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3651

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11. ... Read more

    Affected Products : digital_ant
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46327

    Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 20, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-48823

    A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.... Read more

    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13321

    The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function. This makes it possible for unauthe... Read more

    Affected Products : analyticswp
    • Published: Mar. 14, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-41660

    slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory ove... Read more

    Affected Products :
    • Published: Jul. 31, 2024
    • Modified: Aug. 01, 2024

  • 9.8

    CRITICAL
    CVE-2024-1520

    An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by inje... Read more

    • Published: Apr. 10, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-13410

    The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' ... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44071

    SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.... Read more

    Affected Products : seacms
    • Published: May. 05, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-39348

    Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection.This issue affects Grand Restaurant WordPress: from n/a through 7.0.... Read more

    Affected Products : grand_restaurant
    • Published: May. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-46586

    TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function.... Read more

    Affected Products : tew-755ap_firmware tew-755ap
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-37084

    In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server... Read more

    Affected Products : spring_cloud_data_flow
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-4905

    SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : wp-olivecart olivecart olivecartpro
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-45682

    There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.... Read more

    • Published: Sep. 17, 2024
    • Modified: Sep. 27, 2024

  • 9.8

    CRITICAL
    CVE-2025-2294

    The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute ... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2021-28173

    The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login.... Read more

    Affected Products : deltaflow
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3686

    A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. It has been declared as critical. This vulnerability affects unknown code of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The ... Read more

    Affected Products : quickai_openai
    • Published: Jul. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27773

    A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.... Read more

    Affected Products : endpoint_manager
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-42180

    HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute maliciou... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 12, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293620 Results