Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-2628

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthentica... Read more

    Affected Products : weblogic_server
    • Actively Exploited
    • Published: Apr. 19, 2018
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-24655

    Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function.... Read more

    • Published: Mar. 23, 2023
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2018-25099

    In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-24641

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.... Read more

    Affected Products : judging_management_system
    • Published: Mar. 03, 2023
    • Modified: Mar. 07, 2025

  • 9.8

    CRITICAL
    CVE-2018-20997

    An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.... Read more

    Affected Products : openssl rust-openssl
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24726

    Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page.... Read more

    Affected Products : art_gallery_management_system
    • Published: Mar. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24540

    Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanit... Read more

    Affected Products : go
    • Published: May. 11, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-0513

    The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authenticat... Read more

    Affected Products : wp_statistics
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18928

    International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.... Read more

    • Published: Nov. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24501

    Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit.... Read more

    • Published: Apr. 17, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-18641

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.... Read more

    Affected Products : gitlab
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24531

    Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or insertin... Read more

    Affected Products : go
    • Published: Jul. 02, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2018-17452

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.... Read more

    Affected Products : gitlab
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 9.8

    CRITICAL
    CVE-2003-5001

    A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The atta... Read more

    Affected Products : iss_blackice_pc_protection
    • Published: Mar. 28, 2022
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-24443

    Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : testcomplete_support
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24444

    Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : openid
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24430

    Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : semantic_versioning
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2018-15882

    An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.... Read more

    Affected Products : joomla\!
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24427

    Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : bitbucket_oauth
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-24410

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.... Read more

    Affected Products : contact_form
    • Published: Oct. 31, 2023
    • Modified: Feb. 19, 2025
Showing 20 of 293284 Results