Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2013-4982

    AVTECH AVN801 DVR has a security bypass via the administration login captcha... Read more

    Affected Products : avn801_dvr_firmware avn801_dvr
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38429

    An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 18, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-25678

    In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.... Read more

    Affected Products : lsquic
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-27297

    The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).... Read more

    Affected Products : opc_ua_tunneller
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21652

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to eff... Read more

    Affected Products : argo-cd argo_cd
    • Published: Mar. 18, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-49195

    Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2013-4743

    Static HTTP Server 1.0 has a Local Overflow... Read more

    Affected Products : static_http_server
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27251

    A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.... Read more

    Affected Products : factorytalk_linx
    • Published: Nov. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27241

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to ... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27239

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to tr... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27238

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger ... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27237

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an auth... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27235

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25508

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2013-4486

    Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging... Read more

    Affected Products : linux_kernel zanata
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9687

    PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.... Read more

    Affected Products : fedora podofo
    • Published: Mar. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27236

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27221

    In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.... Read more

    Affected Products : openj9
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25320

    Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.... Read more

    • Published: Feb. 16, 2024
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-25249

    An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.... Read more

    Affected Products : he3_app
    • Published: Feb. 21, 2024
    • Modified: Mar. 27, 2025
Showing 20 of 293261 Results