Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-17452

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.11
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2003-5001

    A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The atta... Read more

    Affected Products : iss_blackice_pc_protection
    • EPSS Score: %0.32
    • Published: Mar. 28, 2022
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-24443

    Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : testcomplete_support
    • EPSS Score: %0.09
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24444

    Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : openid
    • EPSS Score: %0.15
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24430

    Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : semantic_versioning
    • EPSS Score: %0.09
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2018-15882

    An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.70
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24427

    Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : bitbucket_oauth
    • EPSS Score: %0.22
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24410

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.... Read more

    Affected Products : contact_form
    • EPSS Score: %0.44
    • Published: Oct. 31, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-24795

    Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.... Read more

    Affected Products : jhr-n916r_firmware jhr-n916r
    • EPSS Score: %0.11
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2018-14667

    The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.a... Read more

    Affected Products : enterprise_linux richfaces
    • Actively Exploited
    • EPSS Score: %88.86
    • Published: Nov. 06, 2018
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2018-14364

    GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.... Read more

    Affected Products : gitlab
    • EPSS Score: %39.28
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13866

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.... Read more

    Affected Products : hdf5
    • EPSS Score: %0.42
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24373

    External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.... Read more

    Affected Products : booking_calendar
    • Published: Jun. 03, 2024
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-24164

    Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.... Read more

    Affected Products : ac18_firmware ac18
    • EPSS Score: %0.41
    • Published: Jan. 26, 2023
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2018-13379

    An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows a... Read more

    Affected Products : fortios fortiproxy
    • Actively Exploited
    • EPSS Score: %94.47
    • Published: Jun. 04, 2019
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-24145

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • EPSS Score: %1.45
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24000

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. ... Read more

    Affected Products : gamipress
    • EPSS Score: %0.32
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24107

    hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute a... Read more

    Affected Products : hour_of_code_python_2015
    • EPSS Score: %0.12
    • Published: Feb. 22, 2023
    • Modified: Mar. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-46476

    D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.... Read more

    Affected Products : dir-859_a1_firmware dir-859_a1
    • EPSS Score: %62.91
    • Published: Jan. 19, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-24028

    In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.... Read more

    Affected Products : misp
    • EPSS Score: %0.09
    • Published: Jan. 20, 2023
    • Modified: Apr. 03, 2025
Showing 20 of 292730 Results