Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-22928

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php.

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: May. 02, 2025
  • 9.1

    CRITICAL
    CVE-2024-55496

    A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection.

    Affected Products : bookstore_management_system
    • Published: Dec. 17, 2024
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2024-48580

    SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request.

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 02, 2025
  • 7.3

    HIGH
    CVE-2024-48259

    Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: May. 02, 2025
  • 5.3

    MEDIUM
    CVE-2024-24407

    SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component.

    • Published: Mar. 28, 2024
    • Modified: May. 02, 2025
  • 8.1

    HIGH
    CVE-2024-22983

    SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.

    • Published: Feb. 28, 2024
    • Modified: May. 02, 2025
  • 5.1

    MEDIUM
    CVE-2025-25992

    SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
  • 5.1

    MEDIUM
    CVE-2025-25993

    SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
  • 7.5

    HIGH
    CVE-2025-25994

    SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
  • 9.1

    CRITICAL
    CVE-2025-32754

    In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert thems...

    Affected Products : ssh-agent
    • Published: Apr. 10, 2025
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2024-27684

    A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • Published: Mar. 04, 2024
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2024-57684

    An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 4.3

    MEDIUM
    CVE-2024-57683

    An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2024-57682

    An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 5.3

    MEDIUM
    CVE-2024-57681

    An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 5.3

    MEDIUM
    CVE-2024-57680

    An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2024-57679

    An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2024-57678

    An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2024-57677

    An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2024-57676

    An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.

    Affected Products : dir-816_firmware dir-816
    • Published: Jan. 16, 2025
    • Modified: May. 02, 2025
Showing 20 of 291162 Results