Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-57118

    An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-38036

    A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.... Read more

    Affected Products : avalanche
    • Published: Jul. 12, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-24233

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-40761

    User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.... Read more

    Affected Products : yacht_listing_script
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-3197

    An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.... Read more

    Affected Products : fedora debian_linux salt
    • Published: Feb. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-8660

    Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.... Read more

    Affected Products : symantec_pgp_encryption
    • Published: Aug. 11, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-23045

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vuln... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Jan. 28, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-21619

    GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2021-31872

    An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.... Read more

    Affected Products : debian_linux klibc
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37936

    A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands v... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-10329

    A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The ... Read more

    Affected Products : unmark unmark
    • Published: Sep. 12, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2021-31009

    Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37920

    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates ... Read more

    • Published: Jul. 25, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-37895

    Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", whic... Read more

    Affected Products : jackrabbit
    • Published: Jul. 25, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-1316

    Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device... Read more

    Affected Products : ic-7100_firmware ic-7100
    • Actively Exploited
    • Published: Mar. 05, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-37888

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from ... Read more

    • Published: May. 17, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2019-18939

    eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content ... Read more

    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-0890

    **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have t... Read more

    Affected Products : vmg4325-b10a_firmware
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2005-3590

    The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corru... Read more

    Affected Products : glibc
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37777

    A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing an attacker to manipulate SQL queries via... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection
Showing 20 of 294299 Results