Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-24018

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2013-2748

    Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.... Read more

    Affected Products : wemo_switch_firmware wemo_switch
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24017

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24013

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list... Read more

    Affected Products : novel-plus
    • Published: Feb. 06, 2024
    • Modified: Jun. 12, 2025

  • 9.8

    CRITICAL
    CVE-2013-2571

    Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.... Read more

    Affected Products : xpient_iris
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2570

    A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.... Read more

    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2513

    The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.... Read more

    Affected Products : flash_tool
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26154

    url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.... Read more

    Affected Products : fedora debian_linux leap libproxy
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23917

    In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible... Read more

    Affected Products : teamcity
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8648

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26105

    In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26098

    cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25153

    The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.... Read more

    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23897

    Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary fi... Read more

    Affected Products : jenkins
    • Actively Exploited
    • Published: Jan. 24, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2020-26100

    chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26108

    cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22496

    Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the fu... Read more

    Affected Products : netdata
    • Published: Jan. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16428

    In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.... Read more

    Affected Products : ubuntu_linux glib
    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18174

    In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26051

    College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.... Read more

    Affected Products : college_management_system
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results