Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-22651

    There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.... Read more

    Affected Products : dir-815_firmware dir-815
    • Published: Jan. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27747

    File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.... Read more

    Affected Products : petrol_pump_management
    • Published: Mar. 01, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-27768

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE ... Read more

    Affected Products : unilogic
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-7266

    Linear eMerge 50P/5000P devices allow Authentication Bypass.... Read more

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27776

    MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE... Read more

    Affected Products : ubuntu_linux devicehub
    • Published: Jun. 02, 2024
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-23060

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-49625

    Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.... Read more

    Affected Products : sitebuilder_dynamic_components
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2019-7321

    Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.... Read more

    Affected Products : mupdf
    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2811

    A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The a... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40113

    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php.... Read more

    Affected Products : online_banking_system
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-28389

    SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method.... Read more

    Affected Products :
    • Published: Mar. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2855

    A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based bu... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23738

    An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not... Read more

    Affected Products : macos postman
    • Published: Jan. 28, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24014

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-24093

    SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.... Read more

    Affected Products : scholars_tracking_system
    • Published: Mar. 12, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-24213

    Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabas... Read more

    Affected Products : postgresql postgres
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24321

    An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-50477

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.... Read more

    Affected Products : stacks_mobile_app_builder
    • Published: Oct. 28, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-50550

    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1.... Read more

    Affected Products : litespeed_cache
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-2690

    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible t... Read more

    • Published: Mar. 20, 2024
    • Modified: Feb. 18, 2025
Showing 20 of 294270 Results