Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-15534

    Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.... Read more

    Affected Products : raml-module-builder
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15533

    XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.... Read more

    Affected Products : xenfcoresharp
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15522

    An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.... Read more

    Affected Products : csync2
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15543

    An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases.... Read more

    Affected Products : slice-deque
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15490

    openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.... Read more

    Affected Products : openitcockpit
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15555

    FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.... Read more

    Affected Products : wellness
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2007-5775

    Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a... Read more

    • Published: Nov. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-44299

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-44241

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-38240

    Windows Remote Access Connection Manager Elevation of Privilege Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024

  • 9.8

    CRITICAL
    CVE-2024-31581

    FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.... Read more

    Affected Products : fedora ffmpeg
    • Published: Apr. 17, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-30080

    Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more

    • Published: Jun. 11, 2024
    • Modified: Sep. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-25153

    A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to ... Read more

    • Published: Mar. 13, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-21416

    Windows TCP/IP Remote Code Execution Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-21082

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H... Read more

    Affected Products : bi_publisher
    • Published: Apr. 16, 2024
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2024-12356

    A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.... Read more

    • Actively Exploited
    • Published: Dec. 17, 2024
    • Modified: Feb. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-10924

    The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_logi... Read more

    Affected Products : really_simple_security
    • Published: Nov. 15, 2024
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2019-15977

    Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected devi... Read more

    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-5281

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to i... Read more

    Affected Products : engineers_online_portal
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42117

    Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. Th... Read more

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025
Showing 20 of 294209 Results