Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-27507

    The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.... Read more

    Affected Products : kamailio
    • Published: Mar. 15, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-25849

    In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .... Read more

    Affected Products : make_an_offer\/offer_your_price
    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-27481

    An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Param... Read more

    Affected Products : good_learning_management_system
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27422

    In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.... Read more

    Affected Products : time_tracker
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27416

    Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.... Read more

    Affected Products : mahavitaran
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27372

    A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.... Read more

    Affected Products : brandy
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25714

    In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has c... Read more

    Affected Products : debian_linux rhonabwy
    • Published: Feb. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-5027

    Collabtive 1.0 has incorrect access control... Read more

    Affected Products : collabtive
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4982

    AVTECH AVN801 DVR has a security bypass via the administration login captcha... Read more

    Affected Products : avn801_dvr_firmware avn801_dvr
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38429

    An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 18, 2023
    • Modified: Jan. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-25678

    In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.... Read more

    Affected Products : lsquic
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-27297

    The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).... Read more

    Affected Products : opc_ua_tunneller
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21652

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to eff... Read more

    Affected Products : argo-cd argo_cd
    • Published: Mar. 18, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-49195

    Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Oct. 15, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2013-4743

    Static HTTP Server 1.0 has a Local Overflow... Read more

    Affected Products : static_http_server
    • Published: Dec. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27251

    A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.... Read more

    Affected Products : factorytalk_linx
    • Published: Nov. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27241

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to ... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27239

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to tr... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27238

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger ... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27237

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an auth... Read more

    Affected Products : openclinic_ga
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293331 Results