Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-20001

    It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.... Read more

    Affected Products : debian_linux debian-edu-config
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22061

    A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands ... Read more

    Affected Products : avalanche
    • Published: Apr. 19, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-21917

    A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP serv... Read more

    Affected Products : factorytalk_services_platform
    • Published: Jan. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-21812

    An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code ... Read more

    Affected Products : fedora libbiosig
    • Published: Feb. 20, 2024
    • Modified: Aug. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-21795

    A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious... Read more

    Affected Products : fedora libbiosig
    • Published: Feb. 20, 2024
    • Modified: Aug. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-21646

    Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memor... Read more

    Affected Products : azure_uamqp uamqp
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-50698

    SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-41527

    Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.... Read more

    Affected Products : hospital_management_system
    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-36660

    The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.... Read more

    Affected Products : nettle
    • Published: Jun. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41503

    Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.... Read more

    Affected Products : student_enrollment
    • Published: Mar. 07, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-41449

    An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.... Read more

    Affected Products : ajaxnewsticker
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-41419

    An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.... Read more

    Affected Products : gevent
    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-1722

    Windows Fax Service Remote Code Execution Vulnerability... Read more

    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2005-2773

    HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.... Read more

    Affected Products : openview_network_node_manager
    • Actively Exploited
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-36495

    An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary cod... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jul. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36487

    The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.... Read more

    Affected Products : ilias
    • Published: Jun. 29, 2023
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-10095

    In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.... Read more

    Affected Products : ui_for_wpf
    • Published: Dec. 16, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-0769

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation o... Read more

    Affected Products : dir-859_firmware dir-859
    • Actively Exploited
    • Published: Jan. 21, 2024
    • Modified: Jun. 26, 2025

  • 9.8

    CRITICAL
    CVE-2018-4056

    An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could gi... Read more

    Affected Products : debian_linux coturn
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-4688

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection.This issue affects SINAV.LINK Exam Result Module: before 1.2.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection
Showing 20 of 294330 Results