Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-27348

    RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixe... Read more

    Affected Products : jdk jre hugegraph
    • Actively Exploited
    • Published: Apr. 22, 2024
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2014-125026

    LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.... Read more

    Affected Products : golz4
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2018-1270

    Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicio... Read more

    • Published: Apr. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28578

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.... Read more

    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10389

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10376

    The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.... Read more

    Affected Products : i_recommend_this
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10384

    The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10072

    In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.... Read more

    Affected Products : zsh zsh
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10379

    The duplicate-post plugin before 2.6 for WordPress has SQL injection.... Read more

    Affected Products : duplicate_post
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3395

    The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows ... Read more

    Affected Products : confluence confluence_server
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27304

    pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multipl... Read more

    Affected Products :
    • Published: Mar. 06, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2020-28503

    The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.... Read more

    Affected Products : copy-props
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125029

    A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql inje... Read more

    Affected Products : paginationserviceprovider
    • Published: Jan. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28499

    All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge .... Read more

    Affected Products : merge
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10387

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28472

    This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on th... Read more

    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10074

    Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.... Read more

    Affected Products : umbraco_cms
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28480

    The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, le... Read more

    Affected Products : jointjs jointjs
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-28453

    This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.... Read more

    Affected Products : npos-tesseract
    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16871

    Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.... Read more

    Affected Products : twincat twincat
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293343 Results