Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-25312

    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."... Read more

    Affected Products : simple_school_management_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-25310

    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."... Read more

    Affected Products : simple_school_management_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-25307

    Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."... Read more

    Affected Products : cinema_seat_reservation_system
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-25200

    Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.... Read more

    Affected Products : espruino
    • Published: Feb. 07, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24321

    An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025

  • 5.3

    MEDIUM
    CVE-2024-24215

    An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.... Read more

    Affected Products : nvt_web_server
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24189

    Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.... Read more

    Affected Products : jsish
    • Published: Feb. 07, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24015

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit... Read more

    Affected Products : novel-plus
    • Published: Feb. 06, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22853

    D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.... Read more

    Affected Products : go-rt-ac750_firmware go-rt-ac750
    • Published: Feb. 06, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22836

    An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.... Read more

    Affected Products : akaunting
    • Published: Feb. 08, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-22715

    Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.... Read more

    Affected Products : stupid_simple_cms
    • Published: Jan. 17, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-47889

    The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequen... Read more

    Affected Products : super_reboot
    • Published: Feb. 06, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-46350

    SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods ... Read more

    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-24736

    The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558.... Read more

    Affected Products : ypops\!
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 8.8

    HIGH
    CVE-2024-24470

    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.... Read more

    Affected Products : flusity
    • Published: Feb. 02, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24325

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-24324

    TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.... Read more

    Affected Products : a8000ru_firmware a8000ru
    • Published: Jan. 30, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-24136

    The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.... Read more

    Affected Products : math_game
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-23905

    Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : red_hat_dependency_analytics
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-23904

    Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary... Read more

    Affected Products : log_command
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293961 Results