Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-30373

    In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability....

    Affected Products : ac15_firmware ac15
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-43341

    Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hello Agency: from n/a through 1.0.5....

    Affected Products : hello_agency
    • Published: Nov. 01, 2024
    • Modified: Nov. 13, 2024
  • 9.8

    CRITICAL
    CVE-2024-21802

    A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability....

    Affected Products : llama.cpp
    • Published: Feb. 26, 2024
    • Modified: Feb. 12, 2025
  • 9.8

    CRITICAL
    CVE-2024-12484

    A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated...

    Affected Products : technical_discussion_forum
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024
  • 9.8

    CRITICAL
    CVE-2024-0389

    A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit ...

    Affected Products : student_attendance_system
    • Published: Jan. 10, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-25207

    Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php....

    Affected Products : e-commerce_website
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-25211

    Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php....

    Affected Products : online_ordering_system
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-0479

    A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username...

    Affected Products : taokeyun
    • Published: Jan. 13, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38381

    An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some...

    Affected Products : fortiadc
    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-12898

    A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty_course_id leads...

    • Published: Dec. 23, 2024
    • Modified: Jan. 08, 2025
  • 9.8

    CRITICAL
    CVE-2024-21632

    omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it sus...

    Affected Products : omniauth\
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-12942

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/admin_login.php. The manipulation of the argument username/password leads to sql injecti...

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024
  • 9.8

    CRITICAL
    CVE-2024-22662

    TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules...

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-43965

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection. This issue affects SendGrid for WordPress: from n/a through 1.4....

    Affected Products : sendgrid
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024
  • 9.8

    CRITICAL
    CVE-2024-12947

    A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be l...

    • Published: Dec. 26, 2024
    • Modified: Mar. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-23052

    An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component....

    Affected Products : wukong_crm wukongcrm
    • Published: Feb. 29, 2024
    • Modified: Jan. 16, 2025
  • 9.8

    CRITICAL
    CVE-2024-44038

    Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.9....

    Affected Products : sunshine_photo_cart
    • Published: Nov. 01, 2024
    • Modified: Nov. 08, 2024
  • 9.8

    CRITICAL
    CVE-2024-44342

    D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request....

    Affected Products : dir-846w_firmware dir-846w
    • Published: Aug. 27, 2024
    • Modified: Aug. 30, 2024
  • 9.8

    CRITICAL
    CVE-2024-44902

    A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code....

    Affected Products : thinkphp
    • Published: Sep. 09, 2024
    • Modified: Sep. 20, 2024
  • 9.8

    CRITICAL
    CVE-2024-45307

    SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's sett...

    Affected Products : sudobot
    • Published: Sep. 03, 2024
    • Modified: Sep. 07, 2024
Showing 20 of 294274 Results