Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-26707

    The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attack... Read more

    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28222

    In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 07, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-28386

    An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.... Read more

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-33408

    A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.... Read more

    • Published: May. 06, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-3359

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The ... Read more

    Affected Products : online_library_system
    • Published: Apr. 06, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-3376

    A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible ... Read more

    • Published: Apr. 06, 2024
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-56205

    Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation.This issue affects AI Magic: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-33879

    An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path para... Read more

    • Published: Jun. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2298

    A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the a... Read more

    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5635

    A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql inject... Read more

    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-31224

    GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that... Read more

    Affected Products : gpt_academic gpt_academic
    • Published: Apr. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28316

    A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised accoun... Read more

    Affected Products : rocket.chat
    • Published: May. 09, 2023
    • Modified: Jan. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-5772

    A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecon... Read more

    • Published: Jun. 09, 2024
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-34955

    Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.... Read more

    Affected Products : budget_management
    • Published: May. 15, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-35091

    J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml.... Read more

    Affected Products : j2eefast
    • Published: May. 23, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-3041

    A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be i... Read more

    • Published: Mar. 28, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-10995

    A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The a... Read more

    Affected Products : hospital_appointment_system
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-30602

    Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.... Read more

    Affected Products : fh1203_firmware fh1203
    • Published: Mar. 28, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-30922

    SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.... Read more

    Affected Products : derbynet
    • Published: Apr. 18, 2024
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-30982

    SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file.... Read more

    Affected Products : cyber_cafe_management_system
    • Published: Apr. 17, 2024
    • Modified: Apr. 07, 2025
Showing 20 of 293602 Results