Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-45482

    Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-10003

    A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The patch is... Read more

    Affected Products : titlelink
    • Published: Jan. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45697

    Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.... Read more

    Affected Products : dir-x4860_firmware dir-x4860
    • Published: Sep. 16, 2024
    • Modified: Sep. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-0267

    A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email... Read more

    Affected Products : hospital_management_system
    • Published: Jan. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33965

    Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.... Read more

    Affected Products : wp_visitor_statistics
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5243

    phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.... Read more

    Affected Products : phpwhois
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37334

    Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performe... Read more

    Affected Products : forms umbracoforms
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-10007

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The ide... Read more

    Affected Products : click-reminder
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37109

    patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the... Read more

    Affected Products : camp
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-1634

    A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to... Read more

    Affected Products : otcms
    • Published: Mar. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13350

    SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1955

    A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql inj... Read more

    Affected Products : online_computer_and_laptop_store
    • Published: Apr. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-37579

    The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching... Read more

    Affected Products : dubbo
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6699

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection.This issue affects Mikafon MA7: from v3.0 before v3.1.... Read more

    Affected Products : ma7_firmware ma7
    • Published: Jul. 30, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33882

    Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arb... Read more

    Affected Products : autodesk_desktop
    • Published: Oct. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-55557

    ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2023-51019

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi.... Read more

    Affected Products : ex1800t_firmware ex1800t
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-55085

    GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.... Read more

    Affected Products : getsimple_cms
    • Published: Dec. 16, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-47302

    Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through 1.8.0.... Read more

    Affected Products : fluent_support
    • Published: Nov. 01, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2022-31952

    Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident.... Read more

    Affected Products : rescue_dispatch_management_system
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293435 Results