Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-52765

    H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.... Read more

    Affected Products : gr-1800ax_firmware gr-1800ax
    • Published: Nov. 20, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-45484

    Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.26
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5882

    While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.... Read more

    • EPSS Score: %0.37
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22212

    Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended... Read more

    • EPSS Score: %1.15
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40545

    Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. ... Read more

    Affected Products : pingfederate
    • EPSS Score: %0.07
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31531

    Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).... Read more

    Affected Products : manageengine_servicedesk_plus_msp
    • EPSS Score: %5.64
    • Published: Jun. 29, 2021
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-40417

    When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate th... Read more

    Affected Products : davinci_resolve
    • EPSS Score: %1.54
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1379

    A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file addmem.php of the component POST Parameter Handler. The manipulation o... Read more

    • EPSS Score: %0.16
    • Published: Mar. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5994

    SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.... Read more

    Affected Products : js_jobs
    • EPSS Score: %1.49
    • Published: Feb. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10024

    ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if... Read more

    Affected Products : vp5208a_firmware vp5208a
    • EPSS Score: %0.59
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-24984

    Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client s... Read more

    Affected Products : jqueryform
    • EPSS Score: %2.43
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31897

    In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.... Read more

    Affected Products : webstorm
    • EPSS Score: %0.01
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31932

    Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for t... Read more

    Affected Products : bts_trs_web_console
    • EPSS Score: %1.14
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29739

    Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.... Read more

    Affected Products : money_transfer_management_system
    • EPSS Score: %0.25
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-9148

    Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %24.23
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22394

    An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040. ... Read more

    • EPSS Score: %0.64
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25125

    MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.... Read more

    Affected Products : mcms
    • EPSS Score: %82.82
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40756

    User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.... Read more

    Affected Products : callback_widget
    • EPSS Score: %0.10
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40846

    Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.... Read more

    Affected Products : ac6_firmware ac6
    • EPSS Score: %0.12
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40892

    Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.... Read more

    Affected Products : ac8v4_firmware ac8v4
    • EPSS Score: %0.12
    • Published: Aug. 24, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results