Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-27710

    An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.... Read more

    Affected Products : eskooly
    • Published: Jul. 05, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2020-28870

    In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.... Read more

    Affected Products : inoerp
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28872

    An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.... Read more

    Affected Products : monitorr monitorr
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27709

    SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component.... Read more

    Affected Products :
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8786

    pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.... Read more

    Affected Products : pcre2
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-13845

    An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.... Read more

    Affected Products : htslib
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8979

    Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9103

    An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able ... Read more

    Affected Products : fedora leap adns
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9166

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.... Read more

    Affected Products : autotrace
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2008-2108

    The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and si... Read more

    Affected Products : ubuntu_linux fedora debian_linux php
    • Published: May. 07, 2008
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-27746

    SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.... Read more

    Affected Products : petrol_pump_management
    • Published: Mar. 01, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2013-1400

    Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.... Read more

    Affected Products : wordpress_poll
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125104

    A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The m... Read more

    Affected Products : vaultpress
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27712

    An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism.... Read more

    Affected Products : eskooly
    • Published: Jul. 05, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2020-29015

    A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header contai... Read more

    Affected Products : fortiweb
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16840

    A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nu... Read more

    Affected Products : ubuntu_linux curl
    • Published: Oct. 31, 2018
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2020-28638

    ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key.... Read more

    Affected Products : tomb
    • Published: Nov. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125106

    Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.... Read more

    Affected Products : nanopb
    • Published: Jun. 17, 2023
    • Modified: Dec. 17, 2024

  • 9.8

    CRITICAL
    CVE-2014-125091

    A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. ... Read more

    Affected Products : polls_cp
    • Published: Mar. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125101

    A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 i... Read more

    Affected Products : portfolio_gallery
    • Published: May. 28, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293331 Results