Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-37888

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from ... Read more

    • Published: May. 17, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2019-18939

    eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content ... Read more

    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-0890

    **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have t... Read more

    Affected Products : vmg4325-b10a_firmware
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2005-3590

    The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corru... Read more

    Affected Products : glibc
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37777

    A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing an attacker to manipulate SQL queries via... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-37756

    I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.... Read more

    Affected Products : i-doit
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-8862

    A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query l... Read more

    Affected Products : h2o
    • Published: Sep. 14, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-37712

    Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function.... Read more

    • Published: Jul. 10, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-8517

    SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.... Read more

    Affected Products : spip
    • Published: Sep. 06, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2023-37718

    Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.... Read more

    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37715

    Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.... Read more

    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37704

    Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.... Read more

    Affected Products : fh1203_firmware fh1203
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-37677

    Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.... Read more

    Affected Products : pligg_cms
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7042

    A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration... Read more

    Affected Products : langchain langchain.js
    • Published: Oct. 29, 2024
    • Modified: Oct. 31, 2024

  • 9.8

    CRITICAL
    CVE-2024-6800

    An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with d... Read more

    Affected Products : enterprise_server
    • Published: Aug. 20, 2024
    • Modified: Sep. 30, 2024

  • 9.8

    CRITICAL
    CVE-2024-6633

    The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. ... Read more

    Affected Products : filecatalyst_workflow
    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-37582

    The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker ... Read more

    Affected Products : rocketmq
    • Published: Jul. 12, 2023
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-6096

    In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.... Read more

    Affected Products : telerik_reporting
    • Published: Jul. 24, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-56180

    CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hes... Read more

    Affected Products : eventmesh
    • Published: Feb. 14, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55636

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploi... Read more

    Affected Products : drupal
    • Published: Dec. 10, 2024
    • Modified: Jun. 02, 2025
Showing 20 of 294799 Results