Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2012-6125

    Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.... Read more

    Affected Products : chicken
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14540

    A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.... Read more

    • Published: Sep. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23113

    A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 th... Read more

    • Actively Exploited
    • Published: Feb. 15, 2024
    • Modified: Nov. 29, 2024

  • 9.8

    CRITICAL
    CVE-2018-18249

    Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navi... Read more

    Affected Products : icinga_web_2
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22875

    Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.... Read more

    Affected Products : jsish
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23058

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23061

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 11, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-22988

    ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp.... Read more

    Affected Products : zkbio_wdms
    • Published: Feb. 23, 2024
    • Modified: Jun. 07, 2025

  • 9.8

    CRITICAL
    CVE-2020-22597

    An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.... Read more

    Affected Products : jerryscript
    • Published: Jul. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-6094

    cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system... Read more

    Affected Products : cups debian_linux
    • Published: Dec. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22617

    Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.... Read more

    Affected Products : ardour
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22249

    Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plu... Read more

    Affected Products : phplist
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22633

    Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request.... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22225

    Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.... Read more

    Affected Products : fundraising_script
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22632

    Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request.... Read more

    Affected Products :
    • Published: Apr. 26, 2024
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2020-22203

    SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.... Read more

    Affected Products : phpcms
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22206

    SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php.... Read more

    Affected Products : ecshop
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22441

    HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.... Read more

    • Published: Jun. 13, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2019-18658

    In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a ... Read more

    Affected Products : helm
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-19012

    An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remot... Read more

    • Published: Nov. 17, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293258 Results