Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-23827

    Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the... Read more

    Affected Products : nginx_ui
    • EPSS Score: %2.96
    • Published: Jan. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12567

    Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387... Read more

    Affected Products : open_tftp_server
    • EPSS Score: %2.74
    • Published: Dec. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-33023

    Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.91
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9578

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : magento
    • EPSS Score: %3.23
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-47129

    Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feat... Read more

    Affected Products : statamic
    • EPSS Score: %3.76
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41920

    The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.... Read more

    Affected Products :
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41921

    A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before... Read more

    Affected Products :
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-7264

    The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users ... Read more

    • Published: Jun. 11, 2024
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-0851

    Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:S... Read more

    • EPSS Score: %0.24
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7674

    access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.... Read more

    Affected Products : access-policy
    • EPSS Score: %1.20
    • Published: Jun. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12774

    finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database... Read more

    Affected Products : finecms
    • EPSS Score: %0.90
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-7726

    All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.... Read more

    Affected Products : safe-object2
    • EPSS Score: %0.39
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24216

    Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.... Read more

    Affected Products : zentao
    • EPSS Score: %6.84
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-30886

    School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.... Read more

    • EPSS Score: %0.65
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10516

    An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all ve... Read more

    Affected Products : enterprise_server github
    • EPSS Score: %0.38
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24333

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %2.74
    • Published: Jan. 30, 2024
    • Modified: Jun. 12, 2025

  • 9.8

    CRITICAL
    CVE-2013-3725

    Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.88
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4231

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.This issue affects Online Payment System: before 4.09. ... Read more

    Affected Products : informatics_online_payment_system
    • EPSS Score: %0.14
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10571

    An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.... Read more

    Affected Products : psd-tools
    • EPSS Score: %0.42
    • Published: Mar. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42359

    SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php.... Read more

    • EPSS Score: %0.52
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291401 Results