Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-50422

    SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an ... Read more

    • EPSS Score: %0.75
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24782

    Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.... Read more

    Affected Products : funadmin
    • EPSS Score: %0.07
    • Published: Mar. 08, 2023
    • Modified: Mar. 05, 2025

  • 9.8

    CRITICAL
    CVE-2019-15000

    The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the f... Read more

    • EPSS Score: %11.11
    • Published: Sep. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45479

    Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.26
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-15012

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The man... Read more

    Affected Products : mobile_software_development_kit
    • EPSS Score: %0.05
    • Published: Jan. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15559

    DianoxDragon Hawn before 2019-07-10 allows SQL injection.... Read more

    Affected Products : hawn
    • EPSS Score: %0.26
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1848

    A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to... Read more

    Affected Products : online_payroll_system
    • EPSS Score: %0.05
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0778

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the ar... Read more

    Affected Products : isc_2500-s_firmware isc_2500-s
    • EPSS Score: %61.18
    • Published: Jan. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24051

    A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.... Read more

    Affected Products : ac21000_g6_firmware ac21000_g6
    • EPSS Score: %0.09
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-1863

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06. ... Read more

    • EPSS Score: %0.18
    • Published: Apr. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-32671

    Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.... Read more

    Affected Products : escargot
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-50987

    Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.... Read more

    Affected Products : i29_firmware i29
    • EPSS Score: %0.12
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15579

    In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.... Read more

    Affected Products : php_melody
    • EPSS Score: %0.38
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51101

    Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo.... Read more

    Affected Products : w9_firmware w9
    • EPSS Score: %0.17
    • Published: Dec. 26, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2019-18257

    In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arb... Read more

    Affected Products : diaganywhere
    • EPSS Score: %1.22
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-51210

    SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function.... Read more

    Affected Products : bundle_product
    • EPSS Score: %1.46
    • Published: Jan. 23, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-36539

    Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.... Read more

    Affected Products : contour
    • Published: Jul. 24, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-21552

    All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.... Read more

    Affected Products :
    • Published: Jul. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27565

    A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests.... Read more

    Affected Products : chatgpt-wechat-personal
    • Published: Mar. 05, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-4612

    Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will b... Read more

    Affected Products : central_authentication_service
    • EPSS Score: %0.04
    • Published: Nov. 09, 2023
    • Modified: Feb. 26, 2025
Showing 20 of 291573 Results