Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-19113

    Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.... Read more

    Affected Products : online_book_store_project_in_php
    • EPSS Score: %2.65
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1251

    A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been dis... Read more

    • EPSS Score: %0.05
    • Published: Feb. 06, 2024
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-1252

    A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql... Read more

    Affected Products : tongda_office_anywhere
    • EPSS Score: %0.10
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3614

    An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.... Read more

    Affected Products : vanilla
    • EPSS Score: %1.02
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18980

    Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.... Read more

    Affected Products : halo
    • EPSS Score: %0.43
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3584

    The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.... Read more

    Affected Products : wec_discussion_forum
    • EPSS Score: %0.47
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3583

    It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the ... Read more

    Affected Products : typo3
    • EPSS Score: %0.47
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12268

    jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.... Read more

    Affected Products : debian_linux leap jbig2dec
    • EPSS Score: %0.81
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11540

    In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.... Read more

    • EPSS Score: %14.76
    • Published: Apr. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18879

    Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.... Read more

    Affected Products : bludit
    • EPSS Score: %9.44
    • Published: Aug. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1207

    The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of suf... Read more

    • EPSS Score: %75.58
    • Published: Feb. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18698

    Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.... Read more

    Affected Products : lin-cms lin-cms-flask
    • EPSS Score: %0.91
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18701

    Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.... Read more

    Affected Products : lin-cms-flask
    • EPSS Score: %1.24
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1261

    A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_u... Read more

    Affected Products : jpshop
    • EPSS Score: %0.08
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18912

    An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.... Read more

    Affected Products : ear
    • EPSS Score: %1.18
    • Published: Aug. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18684

    Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.... Read more

    Affected Products : floodlight
    • EPSS Score: %0.43
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18683

    Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.... Read more

    Affected Products : floodlight
    • EPSS Score: %0.43
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9197

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.... Read more

    Affected Products : autotrace
    • EPSS Score: %0.40
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-18890

    Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.... Read more

    Affected Products : puppycms
    • EPSS Score: %0.64
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-18667

    SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.... Read more

    Affected Products : webport
    • EPSS Score: %0.26
    • Published: Jun. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292387 Results