Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-3963

    A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component Background Interface. The manipulation leads to missing...

    Affected Products : books-management-system
    • Published: Apr. 27, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2022-44928

    D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function....

    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-41925

    The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code....

    Affected Products :
    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
  • 9.8

    CRITICAL
    CVE-2022-44196

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1....

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44184

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec....

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44201

    D-Link DIR823G 1.02B05 is vulnerable to Command Injection....

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2025-43849

    Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_a and cpkt_b variables take user input (e.g. a path to a model) and pass it to the merge f...

    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2022-25890

    All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. ...

    Affected Products : wifey
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2025-44894

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radDftParamKey parameter in the web_radiusSrv_dftParam_post function....

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-48289

    Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14....

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-4886

    A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial leads to sql injecti...

    Affected Products : sales_and_inventory_system
    • Published: May. 18, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-33975

    RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in...

    Affected Products : riot
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-1509

    The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

    Affected Products : show_me_the_cookies
    • Published: Feb. 22, 2025
    • Modified: Feb. 22, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-4794

    A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /news.php. The manipulation of the argument newstitle leads to sql injection. ...

    Affected Products : online_course_registration
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1581

    A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads t...

    Affected Products : online_nurse_hiring_system
    • Published: Feb. 23, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-38870

    A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection....

    Affected Products : economizzer
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-4836

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injec...

    Affected Products : life_insurance_management_system
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2023-3898

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. ...

    Affected Products : e-commerce
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-39020

    stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument....

    Affected Products : stanford_parser
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-36072

    Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker ...

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293505 Results