Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-1197

    IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.... Read more

    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-25969

    gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().... Read more

    Affected Products : gnuplot gnuplot
    • Published: Jul. 05, 2023
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2013-2259

    Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview... Read more

    Affected Products : cryptocat
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25952

    SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.... Read more

    • Published: Nov. 16, 2020
    • Modified: Dec. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-23822

    Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have perm... Read more

    Affected Products : thruk
    • Published: Jan. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4201

    Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.... Read more

    Affected Products : chrome
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-25905

    An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.... Read more

    Affected Products : mobile_shop_system
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4205

    Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.... Read more

    Affected Products : chrome
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2013-2166

    python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass... Read more

    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23807

    The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DT... Read more

    Affected Products : xerces-c\+\+
    • Published: Feb. 29, 2024
    • Modified: Jan. 16, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000076

    RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vuln... Read more

    Affected Products : debian_linux rubygems
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-29504

    Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. ... Read more

    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25844

    The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.... Read more

    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23810

    A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.... Read more

    Affected Products : sinec_nms
    • Published: Feb. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2167

    python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass... Read more

    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2095

    rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection... Read more

    Affected Products : openshift-origin-controller
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8367

    The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.... Read more

    Affected Products : libraw
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25784

    An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling... Read more

    Affected Products : 720p_firmware 720p
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25763

    Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.... Read more

    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23790

    Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.... Read more

    Affected Products : otrs
    • Published: Jan. 29, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results