Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2018-25099

    In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag....

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Mar. 14, 2025
  • 9.8

    CRITICAL
    CVE-2023-24641

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php....

    Affected Products : judging_management_system
    • EPSS Score: 0.07%
    • Published: Mar. 03, 2023
    • Modified: Mar. 07, 2025
  • 9.8

    CRITICAL
    CVE-2018-20997

    An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing....

    Affected Products : openssl rust-openssl
    • EPSS Score: 0.50%
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24726

    Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page....

    Affected Products : art_gallery_management_system
    • EPSS Score: 0.55%
    • Published: Mar. 15, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24540

    Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanit...

    Affected Products : go
    • EPSS Score: 0.24%
    • Published: May. 11, 2023
    • Modified: Jan. 24, 2025
  • 9.8

    CRITICAL
    CVE-2022-0513

    The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authenticat...

    Affected Products : wp_statistics
    • EPSS Score: 32.48%
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-18928

    International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp....

    • EPSS Score: 2.73%
    • Published: Nov. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24501

    Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit....

    • EPSS Score: 0.08%
    • Published: Apr. 17, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2018-18641

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information....

    Affected Products : gitlab
    • EPSS Score: 0.06%
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24531

    Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or insertin...

    Affected Products : go
    • Published: Jul. 02, 2024
    • Modified: Mar. 28, 2025
  • 9.8

    CRITICAL
    CVE-2018-17452

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb....

    Affected Products : gitlab
    • EPSS Score: 0.11%
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2003-5001

    A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The atta...

    Affected Products : iss_blackice_pc_protection
    • EPSS Score: 0.32%
    • Published: Mar. 28, 2022
    • Modified: Nov. 20, 2024
  • 9.8

    CRITICAL
    CVE-2023-24443

    Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....

    Affected Products : testcomplete_support
    • EPSS Score: 0.09%
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2023-24444

    Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login....

    Affected Products : openid
    • EPSS Score: 0.15%
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2023-24430

    Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....

    Affected Products : semantic_versioning
    • EPSS Score: 0.09%
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2018-15882

    An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter....

    Affected Products : joomla\!
    • EPSS Score: 0.70%
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-24427

    Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login....

    Affected Products : bitbucket_oauth
    • EPSS Score: 0.22%
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2023-24410

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection....

    Affected Products : contact_form
    • EPSS Score: 0.44%
    • Published: Oct. 31, 2023
    • Modified: Feb. 19, 2025
  • 9.8

    CRITICAL
    CVE-2023-24795

    A command execution vulnerability was discovered in JHR-N916R router firmware version <= 21.11.1.1483....

    Affected Products : jhr-n916r_firmware jhr-n916r
    • EPSS Score: 0.11%
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025
  • 9.8

    CRITICAL
    CVE-2018-14667

    The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.a...

    Affected Products : enterprise_linux richfaces
    • Actively Exploited
    • EPSS Score: 87.94%
    • Published: Nov. 06, 2018
    • Modified: Jan. 27, 2025
Showing 20 of 292316 Results