Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-7726

    All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.... Read more

    Affected Products : safe-object2
    • EPSS Score: %0.39
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24216

    Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.... Read more

    Affected Products : zentao
    • EPSS Score: %6.84
    • Published: Feb. 08, 2024
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-30886

    School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.... Read more

    • EPSS Score: %0.65
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10516

    An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all ve... Read more

    Affected Products : enterprise_server github
    • EPSS Score: %0.38
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24333

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.... Read more

    Affected Products : a3300r_firmware a3300r
    • EPSS Score: %2.74
    • Published: Jan. 30, 2024
    • Modified: Jun. 12, 2025

  • 9.8

    CRITICAL
    CVE-2013-3725

    Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.88
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4231

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.This issue affects Online Payment System: before 4.09. ... Read more

    Affected Products : informatics_online_payment_system
    • EPSS Score: %0.14
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10571

    An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.... Read more

    Affected Products : psd-tools
    • EPSS Score: %0.42
    • Published: Mar. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42359

    SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php.... Read more

    • EPSS Score: %0.52
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2452

    In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.... Read more

    Affected Products : threadx_netx_duo
    • Published: Mar. 26, 2024
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-31013

    Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an asyn... Read more

    Affected Products : chat_server
    • EPSS Score: %0.47
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42491

    EisBaer Scada - CWE-285: Improper Authorization... Read more

    Affected Products : eisbaer_scada
    • EPSS Score: %0.16
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27112

    pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php.... Read more

    Affected Products : pearprojectapi
    • Published: Jan. 21, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-6912

    Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.... Read more

    Affected Products : m-files_server
    • EPSS Score: %0.10
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12918

    Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].... Read more

    Affected Products : kace_systems_management_appliance
    • EPSS Score: %0.39
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26613

    PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.... Read more

    Affected Products : php-cms
    • EPSS Score: %0.29
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31082

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection ca... Read more

    Affected Products : glpi_inventory
    • EPSS Score: %0.27
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-31122

    Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, ... Read more

    Affected Products : wire wire_server
    • EPSS Score: %0.12
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-10674

    PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open.... Read more

    Affected Products : perlspeak
    • EPSS Score: %0.50
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-53351

    Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.... Read more

    Affected Products : pipecd
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization
Showing 20 of 291222 Results