Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2016-9488

    ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker...

    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-20914

    An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec....

    Affected Products : libredwg
    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-6350

    An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Bus...

    Affected Products : whatsapp whatsapp_business
    • Published: Jun. 14, 2019
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-8343

    A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the ...

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-4846

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MPUT Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex...

    • Published: May. 18, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2022-34115

    DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId....

    Affected Products : dataease dataease
    • Published: Jul. 22, 2022
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-57772

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl ...

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2019-20856

    An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection....

    Affected Products : macos mattermost_desktop
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-20853

    An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem....

    Affected Products : mattermost_packages
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-10674

    PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open....

    Affected Products : perlspeak
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-1740

    Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01....

    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-0729

    A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to SQL injection. The exploit has...

    Affected Products : foru_cms
    • Published: Jan. 19, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-46811

    A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: f...

    • Published: Jul. 30, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2019-20822

    An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data....

    Affected Products : windows 3d
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-12469

    Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation....

    Affected Products : ccn-lite
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-20800

    In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers....

    Affected Products : cherokee
    • Published: May. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-20790

    OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field....

    Affected Products : fedora opendmarc pypolicyd-spf
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-20791

    OpenThread before 2019-12-13 has a stack-based buffer overflow in MeshCoP::Commissioner::GeneratePskc....

    Affected Products : openthread
    • Published: Apr. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-20787

    Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size....

    Affected Products : leap teeworlds
    • Published: Apr. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-20772

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007 (August 2019)....

    Affected Products : android
    • Published: Apr. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292849 Results