Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-17057

    An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.... Read more

    Affected Products : limesurvey tcpdf tcpdf
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17663

    The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.... Read more

    Affected Products : mini_httpd thttpd
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6360

    The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.... Read more

    Affected Products : my_calendar
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10430

    A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack... Read more

    Affected Products : pet_shop_management_system
    • Published: Oct. 27, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2006-0061

    xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.... Read more

    Affected Products : xlockmore
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-10425

    A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selectio... Read more

    • Published: Oct. 27, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-48956

    Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-6163

    Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data... Read more

    Affected Products : checkmk checkmk
    • Published: Jul. 08, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-38129

    A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.... Read more

    Affected Products : sensor_management_server
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-53853

    A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can p... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-7877

    A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile.jsp. The manipulation of the argument File leads to unrestricted upload. The attack may... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-6317

    A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.  Full versions and TV models affected: webOS 4.9.7 - 5.30.40 runni... Read more

    • Published: Apr. 09, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2019-20027

    Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully auth... Read more

    • Published: Jul. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52803

    LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious ... Read more

    Affected Products : llama-factory
    • Published: Nov. 21, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-6306

    A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sq... Read more

    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-7393

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force.This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0.... Read more

    Affected Products : mail_login
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9509

    A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. The attack can be ... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2019-9756

    An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.... Read more

    Affected Products : gitlab
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-9218

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).... Read more

    Affected Products : gitlab
    • Published: May. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-6395

    The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansi... Read more

    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292916 Results