Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-10371

    A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be use... Read more

    Affected Products : payroll_management_system
    • Published: Oct. 25, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-10376

    A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument Uni... Read more

    Affected Products : cdg
    • Published: Oct. 25, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-1830

    A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to... Read more

    Affected Products : library_system library_system
    • Published: Feb. 23, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2025-4514

    A vulnerability, which was classified as critical, has been found in Zhengzhou Jiuhua Electronic Technology mayicms up to 5.8E. Affected by this issue is some unknown functionality of the file /javascript.php. The manipulation of the argument Value leads ... Read more

    Affected Products : mayicms
    • Published: May. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2011-3621

    A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.... Read more

    Affected Products : fluxbb
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1958

    A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injec... Read more

    Affected Products : online_computer_and_laptop_store
    • Published: Apr. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32874

    In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Is... Read more

    Affected Products : lr13 nr15 nr16 nr17 mt2735 mt6779 mt6781 mt6783 mt6785 mt6785t +35 more products
    • Published: Jan. 02, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2011-4943

    ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)... Read more

    Affected Products : impresspages_cms
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-5330

    Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.... Read more

    Affected Products : distributed_ruby
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10909

    The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.... Read more

    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2007-6759

    Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.... Read more

    Affected Products : ibootbar_firmware ibootbar
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2012-10008

    A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is ... Read more

    Affected Products : oneapp
    • Published: Feb. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2386

    SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.... Read more

    • Actively Exploited
    • Published: Feb. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4351

    SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : email_encryption_gateway
    • Published: May. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-4373

    The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.... Read more

    Affected Products : operations_manager
    • Published: Aug. 01, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2014-2048

    The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.... Read more

    Affected Products : owncloud
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5069

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.... Read more

    Affected Products : aleos_firmware gx_440
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5818

    An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7783

    SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.... Read more

    Affected Products : exponent_cms
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-1778

    The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.... Read more

    Affected Products : opendaylight
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294418 Results