Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-4325

    Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities... Read more

    • EPSS Score: %0.09
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20469

    An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.... Read more

    Affected Products : sahi_pro
    • EPSS Score: %11.60
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32540

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file exte... Read more

    Affected Products : webaccess\/scada
    • EPSS Score: %0.09
    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-44808

    D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function.... Read more

    Affected Products : dir-820l_firmware dir-820l
    • EPSS Score: %4.30
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42531

    Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that t... Read more

    Affected Products :
    • Published: Aug. 23, 2024
    • Modified: Aug. 29, 2024

  • 9.8

    CRITICAL
    CVE-2019-7264

    Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.... Read more

    • EPSS Score: %0.42
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16778

    In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.34
    • Published: Dec. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4501

    User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch upd... Read more

    • EPSS Score: %0.17
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-2931

    Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HT... Read more

    Affected Products : knowledge
    • EPSS Score: %1.90
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-42919

    eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.... Read more

    Affected Products :
    • Published: Aug. 20, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-2409

    The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' ... Read more

    Affected Products : masterstudy_lms
    • Published: Mar. 29, 2024
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-29006

    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.... Read more

    • EPSS Score: %91.00
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12637

    Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.... Read more

    Affected Products : zulip_desktop zulip_desktop
    • EPSS Score: %0.22
    • Published: May. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33313

    Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigge... Read more

    Affected Products : r1510_firmware r1510
    • EPSS Score: %0.95
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-43153

    Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10.... Read more

    Affected Products : woffice
    • Published: Aug. 13, 2024
    • Modified: Aug. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-12895

    A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to... Read more

    Affected Products : treasurehunt
    • Published: Dec. 22, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-38989

    izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2018-1309

    Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and disallow doctype declarations was applied on the Apache ... Read more

    Affected Products : nifi
    • EPSS Score: %2.86
    • Published: May. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-6139

    Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3... Read more

    Affected Products : user_id
    • EPSS Score: %2.13
    • Published: Feb. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-0877

    Product: AndroidVersions: Android SoCAndroid ID: A-273754094... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025
Showing 20 of 291783 Results