Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-0513

    The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authenticat... Read more

    Affected Products : wp_statistics
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18928

    International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.... Read more

    • Published: Nov. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24501

    Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.... Read more

    • Published: Apr. 17, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-18641

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.... Read more

    Affected Products : gitlab
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24531

    Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or insertin... Read more

    Affected Products : go
    • Published: Jul. 02, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2018-17452

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.... Read more

    Affected Products : gitlab
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2003-5001

    A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The atta... Read more

    Affected Products : iss_blackice_pc_protection
    • Published: Mar. 28, 2022
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-24443

    Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : testcomplete_support
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24444

    Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : openid
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24430

    Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : semantic_versioning
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2018-15882

    An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.... Read more

    Affected Products : joomla\!
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24427

    Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : bitbucket_oauth
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24410

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.... Read more

    Affected Products : contact_form
    • Published: Oct. 31, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-24795

    Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.... Read more

    Affected Products : jhr-n916r_firmware jhr-n916r
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2018-14667

    The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.a... Read more

    Affected Products : enterprise_linux richfaces
    • Actively Exploited
    • Published: Nov. 06, 2018
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2018-14364

    GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.... Read more

    Affected Products : gitlab
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13866

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.... Read more

    Affected Products : hdf5
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24373

    External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.... Read more

    Affected Products : booking_calendar
    • Published: Jun. 03, 2024
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2023-24164

    Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 26, 2023
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2018-13379

    An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows a... Read more

    Affected Products : fortios fortiproxy
    • Actively Exploited
    • Published: Jun. 04, 2019
    • Modified: Jan. 27, 2025
Showing 20 of 292764 Results