Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-23340

    Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.... Read more

    Affected Products : joplin
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7375

    A vulnerability, which was classified as critical, has been found in SourceCodester Simple Realtime Quiz System 1.0. This issue affects some unknown processing of the file /my_quiz_result.php. The manipulation of the argument quiz leads to sql injection. ... Read more

    Affected Products : simple_realtime_quiz_system
    • Published: Aug. 02, 2024
    • Modified: Aug. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-37734

    An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.... Read more

    Affected Products : openemr
    • Published: Jun. 26, 2024
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-7464

    A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The att... Read more

    Affected Products : cp900_firmware cp900
    • Published: Aug. 05, 2024
    • Modified: Aug. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-7582

    A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to ... Read more

    Affected Products : i22_firmware i22
    • Published: Aug. 07, 2024
    • Modified: Aug. 08, 2024

  • 9.8

    CRITICAL
    CVE-2024-7797

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argume... Read more

    Affected Products : simple_online_bidding_system
    • Published: Aug. 15, 2024
    • Modified: Aug. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-7851

    A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to impr... Read more

    • Published: Aug. 16, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2022-41518

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.... Read more

    Affected Products : nr1800x_firmware nr1800x
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7936

    A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is... Read more

    Affected Products : project_expense_monitoring_system
    • Published: Aug. 20, 2024
    • Modified: Sep. 03, 2024

  • 9.8

    CRITICAL
    CVE-2024-34048

    O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.... Read more

    Affected Products : ric-plt-e2mgr
    • Published: Apr. 30, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-8129

    A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-... Read more

    • Published: Aug. 24, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2022-25686

    Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more

    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8415

    A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /routers/add-ticket.php. The manipulation of the argument id leads to sql injectio... Read more

    Affected Products : food_ordering_management_system
    • Published: Sep. 04, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2021-27165

    An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8567

    A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=delete_deductions. The manipulation of the argument id leads to sql in... Read more

    • Published: Sep. 08, 2024
    • Modified: Sep. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-34909

    An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products : kykms
    • Published: May. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34929

    A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.... Read more

    • Published: May. 23, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-8762

    A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the... Read more

    Affected Products : crud_operation_system
    • Published: Sep. 13, 2024
    • Modified: Sep. 14, 2024

  • 9.8

    CRITICAL
    CVE-2024-8030

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store... Read more

    Affected Products : ultimate_store_kit
    • Published: Aug. 28, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-33220

    During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted devi... Read more

    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294276 Results