Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-22662

    TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-43965

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.... Read more

    Affected Products : sendgrid
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-12947

    A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be l... Read more

    • Published: Dec. 26, 2024
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-23052

    An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.... Read more

    Affected Products : wukong_crm wukongcrm
    • Published: Feb. 29, 2024
    • Modified: Jan. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-44038

    Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.... Read more

    Affected Products : sunshine_photo_cart
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-44342

    D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.... Read more

    Affected Products : dir-846w_firmware dir-846w
    • Published: Aug. 27, 2024
    • Modified: Aug. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-44902

    A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.... Read more

    Affected Products : thinkphp
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-45307

    SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's sett... Read more

    Affected Products : sudobot
    • Published: Sep. 03, 2024
    • Modified: Sep. 07, 2024

  • 9.8

    CRITICAL
    CVE-2024-24021

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.... Read more

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-2021

    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is... Read more

    • Published: Mar. 01, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-2022

    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument Grou... Read more

    • Published: Mar. 01, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-46652

    Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function.... Read more

    Affected Products : ac8_firmware ac8v4_firmware ac8
    • Published: Sep. 20, 2024
    • Modified: Mar. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-25191

    php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.... Read more

    Affected Products : php-jwt
    • Published: Feb. 08, 2024
    • Modified: Jun. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-2054

    The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.... Read more

    Affected Products : artica_proxy
    • Published: Mar. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2014-5289

    Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.... Read more

    Affected Products : senkas_kolibri
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5261

    A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exp... Read more

    Affected Products : tongda_office_anywhere
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2577

    A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization byp... Read more

    • Published: Mar. 18, 2024
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-39185

    EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user.... Read more

    Affected Products : bv-10_firmware bv-10
    • Published: Jan. 12, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-47308

    Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2.... Read more

    Affected Products : templately
    • Published: Nov. 01, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2021-25839

    A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.... Read more

    Affected Products : minthcm
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293517 Results