Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-13576

    A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.... Read more

    Affected Products : fedora gsoap
    • EPSS Score: %0.76
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13556

    An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequ... Read more

    Affected Products : opener
    • EPSS Score: %2.65
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-55167

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-10791

    A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The atta... Read more

    Affected Products : hospital_appointment_system
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 9.8

    CRITICAL
    CVE-2009-0947

    Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.... Read more

    Affected Products : files
    • EPSS Score: %0.39
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2009-0948

    Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.... Read more

    Affected Products : files
    • EPSS Score: %0.42
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2008-7291

    gri before 2.12.18 generates temporary files in an insecure way.... Read more

    Affected Products : debian_linux gri
    • EPSS Score: %0.43
    • Published: Nov. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10733

    A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be ... Read more

    • Published: Nov. 03, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2008-5784

    V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.... Read more

    Affected Products : v3_chat_profiles_dating_script
    • EPSS Score: %3.38
    • Published: Dec. 31, 2008
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2020-13505

    Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this v... Read more

    Affected Products : edna_enterprise_data_historian
    • EPSS Score: %0.45
    • Published: Sep. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6648

    A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads to sql injectio... Read more

    • EPSS Score: %0.06
    • Published: Dec. 10, 2023
    • Modified: Feb. 22, 2025

  • 9.8

    CRITICAL
    CVE-2020-13442

    A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.... Read more

    Affected Products : dext5
    • EPSS Score: %2.65
    • Published: May. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13499

    An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in... Read more

    Affected Products : edna_enterprise_data_historian
    • EPSS Score: %0.28
    • Published: Sep. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2006-5021

    Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) ad... Read more

    Affected Products : redblog
    • EPSS Score: %1.48
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-10702

    A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attac... Read more

    • Published: Nov. 02, 2024
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2020-13391

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the rou... Read more

    • EPSS Score: %2.15
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13390

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the rou... Read more

    • EPSS Score: %2.15
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13388

    An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS comma... Read more

    Affected Products : jw.util
    • EPSS Score: %1.56
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13393

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the rou... Read more

    • EPSS Score: %1.93
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13160

    AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.... Read more

    Affected Products : anydesk linux_kernel freebsd
    • EPSS Score: %77.94
    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results