Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-23167

    Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.

    Affected Products : amodat mobile_application_gateway
    • EPSS Score: %0.14
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-5891

    An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.

    Affected Products : geocall
    • EPSS Score: %0.99
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-41744

    All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design t...

    • EPSS Score: %2.80
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-34561

    A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers to execute arbitrary code via entering a Geometry Dash level.

    Affected Products : geometry_dash
    • EPSS Score: %0.36
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18486

    An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.

    Affected Products : phpshe
    • EPSS Score: %0.26
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2005-0269

    The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.

    Affected Products : gnuboard
    • EPSS Score: %1.76
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2020-4690

    IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

    Affected Products : security_guardium
    • EPSS Score: %0.10
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18475

    Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload.

    Affected Products : manageengine_opmanager
    • EPSS Score: %4.68
    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-28212

    A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over...

    Affected Products : ecostruxure_control_expert
    • EPSS Score: %1.40
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-11324

    An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php wi...

    Affected Products : tilde_cms
    • EPSS Score: %0.25
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2019-19874

    An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.

    Affected Products : industrial_automation_aprol
    • EPSS Score: %1.31
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2016-8598

    Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.

    Affected Products : libcsp libcsp
    • EPSS Score: %3.36
    • Published: Oct. 28, 2016
    • Modified: Aug. 14, 2025
  • 9.8

    CRITICAL
    CVE-2019-20361

    There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

    • EPSS Score: %32.44
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2001-0766

    Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

    Affected Products : http_server mac_os_x
    • EPSS Score: %13.81
    • Published: Oct. 18, 2001
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2001-1496

    Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

    Affected Products : thttpd
    • EPSS Score: %19.07
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2006-7079

    Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'...

    Affected Products : content_management_system
    • EPSS Score: %11.98
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2025-9090

    A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The ex...

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-4919

    A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql...

    Affected Products : online_examination_system
    • Published: May. 16, 2024
    • Modified: Feb. 20, 2025
  • 9.8

    CRITICAL
    CVE-2007-2020

    Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion...

    Affected Products : xodagallery
    • EPSS Score: %2.54
    • Published: Apr. 12, 2007
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2022-25668

    Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearab...

    • EPSS Score: %0.13
    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292238 Results