Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-35510

    An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file....

    Affected Products : dedecms
    • Published: May. 28, 2024
    • Modified: Apr. 01, 2025
  • 9.8

    CRITICAL
    CVE-2020-5595

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the...

    • EPSS Score: 0.39%
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-5545

    TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted ...

    Affected Products : iu1-1m20-d_firmware iu1-1m20-d
    • EPSS Score: 0.12%
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-5531

    Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module (Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module /...

    • EPSS Score: 0.77%
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-35409

    WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php....

    Affected Products : webid
    • Published: May. 22, 2024
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2018-3750

    The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existi...

    Affected Products : deep_extend
    • EPSS Score: 0.39%
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-3313

    SQL injection vulnerability in WordPress Community Events plugin before 1.4....

    Affected Products : community_events
    • EPSS Score: 18.46%
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-35355

    A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection....

    Affected Products : dino_physics_school_assistant
    • Published: May. 30, 2024
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-35368

    FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c....

    Affected Products : ffmpeg
    • Published: Nov. 29, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2020-5519

    The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen....

    Affected Products : openlitespeed
    • EPSS Score: 0.52%
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-35359

    A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument id can result in SQL injection....

    Affected Products : dino_physics_school_assistant
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-5089

    Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thu...

    • EPSS Score: 2.66%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-35285

    A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization....

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025
  • 9.8

    CRITICAL
    CVE-2020-5505

    Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI....

    Affected Products : freelancy
    • EPSS Score: 31.36%
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-9265

    In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`....

    Affected Products : openvswitch
    • EPSS Score: 1.54%
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-9433

    Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx....

    Affected Products : libmwaw
    • EPSS Score: 0.54%
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2024-35276

    A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4....

    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2018-6551

    The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region ...

    Affected Products : glibc
    • EPSS Score: 0.42%
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-5499

    Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same....

    Affected Products : rust_sgx_sdk
    • EPSS Score: 1.38%
    • Published: Jan. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-5446

    An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox...

    • EPSS Score: 1.43%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results