Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2014-125087

    A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue... Read more

    Affected Products : java-xmlbuilder
    • EPSS Score: %0.07
    • Published: Feb. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-25019

    LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.44
    • Published: Feb. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-9928

    A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate t... Read more

    Affected Products : travel_management_system
    • Published: Sep. 03, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-57052

    cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing al... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2019-25032

    Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploit... Read more

    Affected Products : debian_linux unbound
    • EPSS Score: %0.18
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45166

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D... Read more

    Affected Products : idol2
    • Published: Aug. 22, 2024
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2019-25022

    An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.... Read more

    Affected Products : secure_vote
    • EPSS Score: %0.42
    • Published: Feb. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6349

    When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.... Read more

    Affected Products : whatsapp whatsapp_business
    • EPSS Score: %1.31
    • Published: Jun. 14, 2019
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-20655

    When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.... Read more

    Affected Products : whatsapp whatsapp_business
    • EPSS Score: %0.54
    • Published: Jun. 14, 2019
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2019-25009

    An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.... Read more

    Affected Products : http
    • EPSS Score: %0.40
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-25004

    An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.... Read more

    Affected Products : flatbuffers
    • EPSS Score: %0.17
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2008-3604

    SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.... Read more

    Affected Products : zeebuddy
    • EPSS Score: %1.42
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2019-20933

    InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).... Read more

    Affected Products : debian_linux influxdb
    • EPSS Score: %93.11
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9488

    ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker... Read more

    • EPSS Score: %4.62
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-20914

    An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.... Read more

    Affected Products : libredwg
    • EPSS Score: %0.37
    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6350

    An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Bus... Read more

    Affected Products : whatsapp whatsapp_business
    • EPSS Score: %0.40
    • Published: Jun. 14, 2019
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2025-8343

    A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the ... Read more

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-4846

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MPUT Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    • Published: May. 18, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-34115

    DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.... Read more

    Affected Products : dataease dataease
    • EPSS Score: %0.34
    • Published: Jul. 22, 2022
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2025-57772

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl ... Read more

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
Showing 20 of 292650 Results