Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-0565

    A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The explo... Read more

    Affected Products : zzcms
    • Published: Jan. 19, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-50766

    SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter.... Read more

    • Published: Nov. 07, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2025-3402

    A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql... Read more

    Affected Products : fe_collaborative_office_platform
    • Published: Apr. 08, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2022-46904

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-X... Read more

    Affected Products : websoft_hcm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-46903

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored... Read more

    Affected Products : websoft_hcm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-45997

    Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.... Read more

    Affected Products : w20e_firmware w15e
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-45996

    Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.... Read more

    Affected Products : w20e_firmware w15e
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-45980

    Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .... Read more

    Affected Products : ax12_firmware ax12
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-45979

    Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .... Read more

    Affected Products : ax12_firmware ax12
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-45977

    Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.... Read more

    Affected Products : ax12_firmware ax12
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-45970

    Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.... Read more

    Affected Products : alist
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2020-18243

    SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php.... Read more

    Affected Products : cms
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-24948

    In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.... Read more

    Affected Products : joturl
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-24949

    In JotUrl 2.0, is possible to bypass security requirements during the password change process.... Read more

    Affected Products : joturl
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-28198

    A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.... Read more

    Affected Products : carsale hitout_car_sale
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-54802

    In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header.... Read more

    Affected Products : wnr854t_firmware wnr854t
    • Published: Mar. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-54803

    Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection.... Read more

    Affected Products : wnr854t_firmware wnr854t
    • Published: Mar. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2024-51006

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025

  • 4.8

    MEDIUM
    CVE-2022-4010

    The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : image_hover_effects
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-46905

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Refl... Read more

    Affected Products : websoft_hcm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293620 Results