Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-22249

    Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plu... Read more

    Affected Products : phplist
    • EPSS Score: %2.65
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22633

    Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22225

    Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.... Read more

    Affected Products : fundraising_script
    • EPSS Score: %0.26
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22632

    Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request.... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2020-22203

    SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.... Read more

    Affected Products : phpcms
    • EPSS Score: %0.29
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22206

    SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php.... Read more

    Affected Products : ecshop
    • EPSS Score: %0.51
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22441

    HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.... Read more

    • Published: Jun. 13, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2019-18658

    In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a ... Read more

    Affected Products : helm
    • EPSS Score: %0.57
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-19012

    An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remot... Read more

    • EPSS Score: %14.78
    • Published: Nov. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22205

    SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.... Read more

    Affected Products : ecshop
    • EPSS Score: %0.51
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-28545

    Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Mar. 26, 2024
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-22391

    A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger t... Read more

    • Published: Apr. 25, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2020-22153

    File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.... Read more

    Affected Products : fuel_cms
    • EPSS Score: %5.30
    • Published: Jul. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22079

    Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.... Read more

    Affected Products : ac9_firmware ac10u_firmware ac10u ac9
    • EPSS Score: %5.51
    • Published: Oct. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8668

    Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.... Read more

    • EPSS Score: %7.40
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2012-5618

    Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.... Read more

    Affected Products : ushahidi
    • EPSS Score: %0.30
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22433

    Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to ... Read more

    Affected Products : data_protection_search
    • EPSS Score: %0.22
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-17545

    GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.... Read more

    • EPSS Score: %1.65
    • Published: Oct. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-1860

    Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities... Read more

    Affected Products : contao contao_cms
    • EPSS Score: %0.28
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22330

    IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.... Read more

    Affected Products : security_verify_governance
    • Published: Jun. 06, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication
Showing 20 of 292522 Results