Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-1659

    Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10....

    Affected Products : megabip
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-47208

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue....

    Affected Products : ofbiz
    • Published: Nov. 18, 2024
    • Modified: Jun. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-37470

    Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woffice Core: from n/a through 5.4.8....

    Affected Products : woffice
    • Published: Nov. 01, 2024
    • Modified: Aug. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-37461

    Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path like `../../../../` which may cause metersphere to attempt to overwrite an existing file in the defined location or to creat...

    Affected Products : metersphere
    • EPSS Score: %0.08
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-47359

    Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Depicter Slider: from n/a through 3.2.2....

    Affected Products : depicter
    • Published: Nov. 01, 2024
    • Modified: Nov. 12, 2024
  • 9.8

    CRITICAL
    CVE-2022-48149

    Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter....

    Affected Products : online_student_admission_system
    • EPSS Score: %0.10
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37522

    HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. ...

    • EPSS Score: %0.14
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-9951

    Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerabilit...

    • EPSS Score: %1.33
    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-43423

    The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed....

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024
  • 9.8

    CRITICAL
    CVE-2022-4719

    Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5....

    Affected Products : rdiffweb
    • EPSS Score: %0.08
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-4724

    Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5....

    Affected Products : rdiffweb
    • EPSS Score: %0.28
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37704

    Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function....

    Affected Products : fh1203_firmware fh1203
    • EPSS Score: %0.12
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37706

    Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function....

    Affected Products : fh1203_firmware fh1203
    • EPSS Score: %0.12
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-3271

    A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to e...

    Affected Products : llamaindex
    • Published: Apr. 16, 2024
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2023-42489

    EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource...

    Affected Products : eisbaer_scada
    • EPSS Score: %0.20
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37924

    Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects ...

    Affected Products : submarine
    • EPSS Score: %77.07
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-0270

    Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter....

    Affected Products : zend_framework framework
    • EPSS Score: %0.39
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-23425

    Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station....

    Affected Products : android exynos dex
    • EPSS Score: %0.15
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-4428

    Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024....

    Affected Products : managment_portal
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 9.8

    CRITICAL
    CVE-2023-48901

    A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php....

    Affected Products : autoexpress
    • Published: Mar. 21, 2024
    • Modified: May. 19, 2025
Showing 20 of 291739 Results