Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2011-4094

    Jara 1.6 has a SQL injection vulnerability.

    Affected Products : jara
    • EPSS Score: 5.60%
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-4068

    The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.

    Affected Products : packetfence
    • EPSS Score: 0.64%
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19853

    BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.

    Affected Products : bluecms bluecms
    • EPSS Score: 0.26%
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-20815

    In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

    Affected Products : qemu
    • EPSS Score: 1.60%
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19596

    Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.

    Affected Products : core_ftp
    • EPSS Score: 0.46%
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19625

    Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3 allows remote attackers to execute arbitrary code via a crafted value to the $query parameter.

    Affected Products : gridx
    • EPSS Score: 85.77%
    • Published: Mar. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19672

    Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell.

    Affected Products : niushop
    • EPSS Score: 0.43%
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19510

    Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.

    Affected Products : textpattern windows
    • EPSS Score: 0.43%
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-1344

    Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x...

    Affected Products : laborofficefree
    • Published: Feb. 19, 2024
    • Modified: Mar. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-1351

    Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may result in untrusted connections succeeding. This may effectively reduce the security guarantees provided by TLS and open connections ...

    • Published: Mar. 07, 2024
    • Modified: Mar. 11, 2025
  • 9.8

    CRITICAL
    CVE-2020-19305

    An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges.

    Affected Products : metinfo
    • EPSS Score: 0.96%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-12989

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

    Affected Products : netscaler_sd-wan sd-wan
    • Actively Exploited
    • EPSS Score: 80.82%
    • Published: Jul. 16, 2019
    • Modified: Mar. 14, 2025
  • 9.8

    CRITICAL
    CVE-2020-19301

    A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter.

    Affected Products : vaethink
    • EPSS Score: 0.98%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19302

    An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".

    Affected Products : vaethink
    • EPSS Score: 0.61%
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-1305

    tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations, which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space...

    • Published: Jul. 08, 2024
    • Modified: Aug. 22, 2025
  • 9.8

    CRITICAL
    CVE-2020-19267

    An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.

    Affected Products : dswjcms
    • EPSS Score: 0.85%
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19320

    Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.

    Affected Products : dir-619l_firmware dir-619l
    • EPSS Score: 1.20%
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19229

    Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could execute arbitrary commands via the rememberMe parameter.

    Affected Products : jeesite
    • EPSS Score: 0.33%
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-19165

    PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.

    Affected Products : phpshe
    • EPSS Score: 0.44%
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-1284

    Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: 1.51%
    • Published: Feb. 07, 2024
    • Modified: May. 15, 2025
Showing 20 of 292316 Results