Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-19874

    An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.... Read more

    Affected Products : industrial_automation_aprol
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8598

    Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.... Read more

    Affected Products : libcsp libcsp
    • Published: Oct. 28, 2016
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2019-20361

    There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).... Read more

    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-9090

    A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The ex... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-4919

    A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql... Read more

    Affected Products : online_examination_system
    • Published: May. 16, 2024
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2007-2020

    Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion... Read more

    Affected Products : xodagallery
    • Published: Apr. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-25668

    Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearab... Read more

    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-28495

    In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating... Read more

    Affected Products : metamako_operating_system 7130
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-54751

    COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2024-10371

    A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be use... Read more

    Affected Products : payroll_management_system
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10376

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument Uni... Read more

    Affected Products : cdg
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-1830

    A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to... Read more

    Affected Products : library_system library_system
    • Published: Feb. 23, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2025-4514

    A vulnerability, which was classified as critical, has been found in Zhengzhou Jiuhua Electronic Technology mayicms up to 5.8E. Affected by this issue is some unknown functionality of the file /javascript.php. The manipulation of the argument Value leads ... Read more

    Affected Products : mayicms
    • Published: May. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2011-3621

    A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.... Read more

    Affected Products : fluxbb
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1958

    A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injec... Read more

    Affected Products : online_computer_and_laptop_store
    • Published: Apr. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32874

    In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Is... Read more

    Affected Products : lr13 nr15 nr16 nr17 mt2735 mt6779 mt6781 mt6783 mt6785 mt6785t +35 more products
    • Published: Jan. 02, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2011-4943

    ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)... Read more

    Affected Products : impresspages_cms
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-5330

    Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.... Read more

    Affected Products : distributed_ruby
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10909

    The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.... Read more

    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2007-6759

    Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.... Read more

    Affected Products : ibootbar_firmware ibootbar
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293609 Results