Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-21619

    GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2021-31872

    An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.... Read more

    Affected Products : debian_linux klibc
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37936

    A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands v... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2021-31009

    Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37920

    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates ... Read more

    • Published: Jul. 25, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-37895

    Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", whic... Read more

    Affected Products : jackrabbit
    • Published: Jul. 25, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-1316

    Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device... Read more

    Affected Products : ic-7100_firmware ic-7100
    • Actively Exploited
    • Published: Mar. 05, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-37888

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from ... Read more

    • Published: May. 17, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2019-18939

    eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content ... Read more

    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-0890

    **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have t... Read more

    Affected Products : vmg4325-b10a_firmware
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2005-3590

    The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corru... Read more

    Affected Products : glibc
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37777

    A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing an attacker to manipulate SQL queries via... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-37756

    I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.... Read more

    Affected Products : i-doit
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8862

    A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query l... Read more

    Affected Products : h2o
    • Published: Sep. 14, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-37712

    Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function.... Read more

    • Published: Jul. 10, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-8517

    SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.... Read more

    Affected Products : spip
    • Published: Sep. 06, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-37718

    Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.... Read more

    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37715

    Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.... Read more

    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37704

    Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.... Read more

    Affected Products : fh1203_firmware fh1203
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37677

    Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.... Read more

    Affected Products : pligg_cms
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293609 Results