Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-28221

    A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-53480

    Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Dec. 10, 2024
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-34025

    CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2021-31746

    Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution.... Read more

    Affected Products : pluck
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11835

    cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.... Read more

    • Published: May. 09, 2019
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-5355

    A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been d... Read more

    Affected Products : report aj-report
    • Published: May. 26, 2024
    • Modified: Mar. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-25004

    Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php.... Read more

    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3190

    The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.... Read more

    Affected Products : async-git
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25061

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.... Read more

    Affected Products : tl-wr840n_firmware tl-wr840n
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25082

    TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.... Read more

    Affected Products : a950rg_firmware a950rg
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22399

    Deserialization of Untrusted Data vulnerability in Apache Seata.  When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sendi... Read more

    Affected Products : seata
    • Published: Sep. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22406

    Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated... Read more

    Affected Products : shopware
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-4995

    Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.... Read more

    Affected Products :
    • Published: Dec. 18, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-25247

    SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.... Read more

    Affected Products : b2b2c_multi-business
    • Published: Feb. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22533

    Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not stri... Read more

    Affected Products : beetl
    • Published: Feb. 02, 2024
    • Modified: Jun. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-40845

    Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40899

    Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.... Read more

    Affected Products : ac8_firmware ac8v4_firmware ac8v4
    • Published: Aug. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9140

    There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.... Read more

    Affected Products : emui magic_ui
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3332

    A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql in... Read more

    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2009-4491

    thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequenc... Read more

    Affected Products : thttpd
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025
Showing 20 of 294286 Results