Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-1537

    Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.... Read more

    Affected Products : answer
    • EPSS Score: %0.05
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-19695

    Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.... Read more

    Affected Products : njs njs
    • EPSS Score: %0.94
    • Published: Apr. 04, 2023
    • Modified: Aug. 12, 2025

  • 9.8

    CRITICAL
    CVE-2017-14349

    An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.... Read more

    Affected Products : sitescope
    • EPSS Score: %0.76
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14492

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.... Read more

    • EPSS Score: %92.64
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-33259

    Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.... Read more

    • EPSS Score: %0.12
    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14003

    An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an at... Read more

    • EPSS Score: %1.49
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-27742

    IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.... Read more

    Affected Products : idurar idurar
    • EPSS Score: %0.27
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-3059

    A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to in... Read more

    Affected Products : online_exam_form_submission
    • EPSS Score: %0.05
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-0636

    Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R202... Read more

    • EPSS Score: %0.12
    • Published: Jun. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32628

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. ... Read more

    Affected Products : webaccess\/scada
    • EPSS Score: %0.22
    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-36718

    The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a ... Read more

    • EPSS Score: %1.33
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14101

    A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a m... Read more

    Affected Products : conserus_image_repository
    • EPSS Score: %0.50
    • Published: Dec. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17821

    WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resize... Read more

    Affected Products : safari
    • EPSS Score: %0.68
    • Published: Dec. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17900

    SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.41
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-33274

    The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises fro... Read more

    Affected Products : snmp_web_pro
    • EPSS Score: %0.26
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-23585

    Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.  See Honeywell Security Notification for recommendations on upgrading and versioning. ... Read more

    • EPSS Score: %0.06
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3751

    A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products lea... Read more

    Affected Products : super_store_finder
    • EPSS Score: %0.04
    • Published: Jul. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-3793

    A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with t... Read more

    Affected Products : e-cology
    • EPSS Score: %0.04
    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4179

    A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to s... Read more

    • EPSS Score: %0.05
    • Published: Aug. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12470

    Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.... Read more

    Affected Products : ccn-lite
    • EPSS Score: %0.41
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291216 Results