Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-15882

    An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.70
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24427

    Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : bitbucket_oauth
    • EPSS Score: %0.22
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24410

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.... Read more

    Affected Products : contact_form
    • EPSS Score: %0.44
    • Published: Oct. 31, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-24795

    Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.... Read more

    Affected Products : jhr-n916r_firmware jhr-n916r
    • EPSS Score: %0.11
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2018-14667

    The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.a... Read more

    Affected Products : enterprise_linux richfaces
    • Actively Exploited
    • EPSS Score: %88.86
    • Published: Nov. 06, 2018
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2018-14364

    GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.... Read more

    Affected Products : gitlab
    • EPSS Score: %39.28
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13866

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.... Read more

    Affected Products : hdf5
    • EPSS Score: %0.42
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24373

    External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.... Read more

    Affected Products : booking_calendar
    • Published: Jun. 03, 2024
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-24164

    Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.41
    • Published: Jan. 26, 2023
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2018-13379

    An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows a... Read more

    Affected Products : fortios fortiproxy
    • Actively Exploited
    • EPSS Score: %94.47
    • Published: Jun. 04, 2019
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-24145

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • EPSS Score: %1.45
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24000

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. ... Read more

    Affected Products : gamipress
    • EPSS Score: %0.32
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24107

    hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute a... Read more

    Affected Products : hour_of_code_python_2015
    • EPSS Score: %0.12
    • Published: Feb. 22, 2023
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-46476

    D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.... Read more

    Affected Products : dir-859_a1_firmware dir-859_a1
    • EPSS Score: %62.91
    • Published: Jan. 19, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-24028

    In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.... Read more

    Affected Products : misp
    • EPSS Score: %0.09
    • Published: Jan. 20, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-23796

    Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0. ... Read more

    Affected Products : form_builder
    • EPSS Score: %0.69
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0399

    Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.... Read more

    Affected Products : finesse
    • EPSS Score: %0.72
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47780

    SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.... Read more

    Affected Products : bangresto
    • EPSS Score: %0.24
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2018-0315

    A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, re... Read more

    Affected Products : ios_xe ios_xe
    • EPSS Score: %15.10
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47854

    i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.... Read more

    Affected Products : i_librarian i-librarian
    • EPSS Score: %0.09
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025
Showing 20 of 292719 Results