Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-24000

    jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths... Read more

    Affected Products : jsherp
    • EPSS Score: %0.10
    • Published: Feb. 06, 2024
    • Modified: Jun. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-11963

    IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after... Read more

    Affected Products : iqrouter_firmware iqrouter
    • EPSS Score: %0.86
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-27919

    Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.... Read more

    Affected Products : enterprise
    • EPSS Score: %2.15
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-11972

    Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.... Read more

    • EPSS Score: %8.39
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1770

    A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injecti... Read more

    • EPSS Score: %0.05
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43979

    ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().... Read more

    Affected Products : ybc_blog
    • EPSS Score: %0.08
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43982

    Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other w... Read more

    • EPSS Score: %0.08
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-34854

    F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`... Read more

    Affected Products : datacube3_firmware datacube3
    • Published: May. 28, 2024
    • Modified: Jun. 10, 2025

  • 9.8

    CRITICAL
    CVE-2020-12019

    WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.90
    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43617

    Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based o... Read more

    Affected Products : framework
    • EPSS Score: %50.07
    • Published: Nov. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52411

    Deserialization of Untrusted Data vulnerability in Flowcraft UX Design Studio Advanced Personalization allows Object Injection.This issue affects Advanced Personalization: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Nov. 16, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-0938

    A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It i... Read more

    • EPSS Score: %0.07
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27143

    An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.... Read more

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: %0.68
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1887

    The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.... Read more

    Affected Products : firefox iphone_os
    • EPSS Score: %0.31
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-30909

    A remote authentication bypass issue exists in some OneView APIs. ... Read more

    Affected Products : oneview oneview
    • EPSS Score: %4.96
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-36224

    Western Digital My Cloud devices before OS5 have a nobody account with a blank password.... Read more

    Affected Products : my_cloud_os my_cloud_pr4100
    • EPSS Score: %0.08
    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4414

    A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to ... Read more

    • EPSS Score: %4.92
    • Published: Aug. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15961

    iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.... Read more

    Affected Products : iproject_management_system
    • EPSS Score: %2.51
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-49238

    In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, i... Read more

    Affected Products : enterprise
    • EPSS Score: %0.82
    • Published: Jan. 09, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-0980

    A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/registrations/update_status.php of the component Status Update Handler. The manipulatio... Read more

    • EPSS Score: %0.04
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291750 Results