Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-9585

    eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.... Read more

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4300

    E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database ... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1659

    Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10.... Read more

    Affected Products : megabip
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47208

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.... Read more

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-37470

    Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8.... Read more

    Affected Products : woffice
    • Published: Nov. 01, 2024
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-37461

    Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path like `../../../../` which may cause metersphere to attempt to overwrite an existing file in the defined location or to creat... Read more

    Affected Products : metersphere
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47359

    Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a through 3.2.2.... Read more

    Affected Products : depicter
    • Published: Nov. 01, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2022-48149

    Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.... Read more

    Affected Products : online_student_admission_system
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43423

    The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024

  • 9.8

    CRITICAL
    CVE-2022-4719

    Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.... Read more

    Affected Products : rdiffweb
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4724

    Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.... Read more

    Affected Products : rdiffweb
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37706

    Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function.... Read more

    Affected Products : fh1203_firmware fh1203
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3271

    A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to e... Read more

    Affected Products : llamaindex
    • Published: Apr. 16, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-42489

    EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource... Read more

    Affected Products : eisbaer_scada
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37924

    Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects ... Read more

    Affected Products : submarine
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-0270

    Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.... Read more

    Affected Products : zend_framework framework
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23425

    Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.... Read more

    Affected Products : android exynos dex
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4428

    Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.... Read more

    Affected Products : managment_portal
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2023-48901

    A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.... Read more

    Affected Products : autoexpress
    • Published: Mar. 21, 2024
    • Modified: May. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-44542

    SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.... Read more

    Affected Products : todesk
    • Published: Sep. 18, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 294274 Results