Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-38382

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. ... Read more

    Affected Products : subscribe_to_category
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38323

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.... Read more

    Affected Products : opennds
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-38318

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.... Read more

    Affected Products : opennds
    • Published: Jan. 26, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-38647

    Open Management Infrastructure Remote Code Execution Vulnerability... Read more

    • Actively Exploited
    • Published: Sep. 15, 2021
    • Modified: Mar. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-36018

    Visual Studio Code Jupyter Extension Spoofing Vulnerability... Read more

    Affected Products : jupyter
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-48913

    If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users ... Read more

    Affected Products : cxf
    • Published: Aug. 08, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2021-38171

    adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.... Read more

    Affected Products : debian_linux ffmpeg
    • Published: Aug. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2005-4891

    Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.... Read more

    Affected Products : simple_machine_forum
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38203

    Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require use... Read more

    Affected Products : coldfusion
    • Actively Exploited
    • Published: Jul. 20, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-38198

    acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.... Read more

    Affected Products : acme.sh
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40758

    User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.... Read more

    Affected Products : document_creator
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-30430

    This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication.... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-26844

    An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.... Read more

    Affected Products : znuny
    • Published: May. 08, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-38044

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.... Read more

    Affected Products : hikashop
    • Published: Aug. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-25256

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows a... Read more

    Affected Products : fortisiem
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-38035

    A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configurat... Read more

    Affected Products : mobileiron_sentry
    • Actively Exploited
    • Published: Aug. 21, 2023
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-38036

    A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.... Read more

    Affected Products : avalanche
    • Published: Jul. 12, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-24233

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-40761

    User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.... Read more

    Affected Products : yacht_listing_script
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3197

    An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.... Read more

    Affected Products : fedora debian_linux salt
    • Published: Feb. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results