Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-2620

    A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of th... Read more

    • Published: Mar. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-19896

    File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.... Read more

    Affected Products : minicms
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-26548

    An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.... Read more

    Affected Products : camera camera_firmware
    • Published: Feb. 29, 2024
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-31468

    There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP po... Read more

    Affected Products : arubaos instant instantos instant
    • Published: May. 14, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-31473

    There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8... Read more

    Affected Products : arubaos instant instantos instant
    • Published: May. 14, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2021-26600

    ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).... Read more

    Affected Products : impresscms
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5362

    A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible... Read more

    • Published: May. 26, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-53676

    A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.... Read more

    Affected Products : insight_remote_support
    • Published: Nov. 27, 2024
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-31849

    A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.... Read more

    Affected Products :
    • Published: Apr. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-53914

    An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.... Read more

    Affected Products : enterprise_vault
    • Published: Nov. 24, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-5356

    A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is poss... Read more

    Affected Products : report
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40827

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-32900

    In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional execution privileges needed. User interaction is no... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22885

    Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation.... Read more

    Affected Products : hutool
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40881

    SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php... Read more

    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-5514

    MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions an... Read more

    Affected Products : minmax
    • Published: May. 30, 2024
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-28179

    Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately w... Read more

    Affected Products : jupyter_server_proxy
    • Published: Mar. 20, 2024
    • Modified: Feb. 21, 2025

  • 9.8

    CRITICAL
    CVE-2021-26707

    The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attack... Read more

    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28222

    In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 07, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-28386

    An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.... Read more

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293545 Results