Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-27416

    Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.... Read more

    Affected Products : mahavitaran
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27372

    A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.... Read more

    Affected Products : brandy
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25714

    In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has c... Read more

    Affected Products : debian_linux rhonabwy
    • Published: Feb. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-5027

    Collabtive 1.0 has incorrect access control... Read more

    Affected Products : collabtive
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4982

    AVTECH AVN801 DVR has a security bypass via the administration login captcha... Read more

    Affected Products : avn801_dvr_firmware avn801_dvr
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38429

    An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 18, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-25678

    In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.... Read more

    Affected Products : lsquic
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-27297

    The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).... Read more

    Affected Products : opc_ua_tunneller
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21652

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to eff... Read more

    Affected Products : argo-cd argo_cd
    • Published: Mar. 18, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-49195

    Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2013-4743

    Static HTTP Server 1.0 has a Local Overflow... Read more

    Affected Products : static_http_server
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27251

    A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.... Read more

    Affected Products : factorytalk_linx
    • Published: Nov. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27241

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to ... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27239

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to tr... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27238

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger ... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27237

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an auth... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27235

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25508

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2013-4486

    Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging... Read more

    Affected Products : linux_kernel zanata
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9687

    PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.... Read more

    Affected Products : fedora podofo
    • Published: Mar. 11, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293328 Results