Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-5579

    A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file /search-product.php. The manipulation of the argument productname leads to sql injec... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2010-4202

    Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.... Read more

    Affected Products : linux_kernel chrome
    • EPSS Score: %0.89
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-15889

    Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.... Read more

    Affected Products : lua
    • EPSS Score: %0.52
    • Published: Jul. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13572

    A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide... Read more

    Affected Products : imagegear
    • EPSS Score: %1.18
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8508

    nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.... Read more

    Affected Products : malware_cleaner
    • EPSS Score: %0.87
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40758

    User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.... Read more

    Affected Products : document_creator
    • EPSS Score: %0.10
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4239

    Tiki Wiki CMS Groupware 5.2 has Local File Inclusion... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %59.16
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125082

    A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to sql injection. The name of the patch is fc2c1ea1b8d795094abb15ac7... Read more

    Affected Products : redports
    • EPSS Score: %0.06
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-1999-1324

    VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force pass... Read more

    Affected Products : openvms_vax
    • EPSS Score: %1.01
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-28303

    Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.... Read more

    Affected Products :
    • Published: Mar. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11887

    SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution.... Read more

    Affected Products : simplybook
    • EPSS Score: %2.13
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000533

    klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using... Read more

    Affected Products : gitlist
    • EPSS Score: %93.25
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-6479

    A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /salesreport.php. The manipulation of the argument dayfrom leads to sql injection. It is possible to initiate... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jun. 22, 2025
    • Modified: Jun. 25, 2025

  • 9.8

    CRITICAL
    CVE-2020-12757

    HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated G... Read more

    Affected Products : vault
    • EPSS Score: %0.36
    • Published: Jun. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-4193

    IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857.... Read more

    Affected Products : security_guardium
    • EPSS Score: %0.41
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17625

    Professional Service Script 1.0 has SQL Injection via the service-list city parameter.... Read more

    Affected Products : on_demand_marketplace_script
    • EPSS Score: %2.38
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-18634

    The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.... Read more

    Affected Products : newspaper
    • EPSS Score: %1.08
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3727

    # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes conta... Read more

    Affected Products : oh_my_zsh
    • EPSS Score: %1.36
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2001-0395

    Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.... Read more

    • EPSS Score: %1.13
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2017-17642

    Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.... Read more

    Affected Products : basic_job_site_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291150 Results