Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-10256

    An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to ...

    Affected Products : scim command_line_interface
    • EPSS Score: %0.26
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-35533

    WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml....

    • EPSS Score: %5.20
    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-10262

    A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes....

    Affected Products : bluecms bluecms
    • EPSS Score: %0.26
    • Published: Mar. 28, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-1000423

    b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup....

    Affected Products : b2evolution
    • EPSS Score: %1.70
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-31673

    Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter....

    Affected Products : kliqqi_cms
    • Published: May. 03, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2021-4300

    A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper acces...

    Affected Products : halcyon
    • EPSS Score: %0.06
    • Published: Jan. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38969

    IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609....

    Affected Products : spectrum_virtualize
    • EPSS Score: %0.19
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-4120

    The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugi...

    Affected Products : stop_spammers
    • EPSS Score: %21.22
    • Published: Dec. 26, 2022
    • Modified: Apr. 14, 2025
  • 9.8

    CRITICAL
    CVE-2018-14709

    Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation....

    Affected Products : 5n2_firmware 5n2
    • EPSS Score: %0.62
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-1000497

    Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution...

    Affected Products : pepperminty-wiki
    • EPSS Score: %1.55
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-1002023

    Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php...

    Affected Products : easy_team_manager
    • EPSS Score: %10.33
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2019-15039

    An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1....

    Affected Products : teamcity
    • EPSS Score: %0.35
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14819

    Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution....

    Affected Products : v-server_firmware v-server
    • EPSS Score: %2.84
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-47218

    An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication....

    Affected Products : nebulagraph_database
    • Published: Sep. 22, 2024
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2024-33374

    Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication....

    Affected Products :
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-38395

    In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

    Affected Products : iterm2
    • Published: Jun. 16, 2024
    • Modified: Jun. 18, 2025
  • 9.8

    CRITICAL
    CVE-2022-41217

    Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage....

    Affected Products : cloudflow
    • EPSS Score: %0.16
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-9402

    SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors....

    Affected Products : mybb merge_system
    • EPSS Score: %3.69
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2023-23459

    Priority Windows may allow Command Execution via SQL Injection using an unspecified method....

    Affected Products : windows priority
    • EPSS Score: %0.07
    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025
  • 9.8

    CRITICAL
    CVE-2024-46374

    Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php....

    • Published: Sep. 18, 2024
    • Modified: Apr. 16, 2025
Showing 20 of 291793 Results