Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-2595

    A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of... Read more

    • EPSS Score: %0.05
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-3416

    Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.... Read more

    Affected Products : linux_kernel chrome
    • EPSS Score: %0.58
    • Published: Sep. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-1475

    A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to sql injection. The attack... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.04
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-38299

    Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence.... Read more

    Affected Products : webauthn_framwork
    • EPSS Score: %0.36
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52295

    DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2... Read more

    Affected Products : dataease
    • Published: Nov. 13, 2024
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-0537

    Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows... Read more

    Affected Products : bsafe bsafe_crypto-c bsafe_ssl-c
    • EPSS Score: %2.28
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2018-19061

    DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.60
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-15439

    A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected so... Read more

    • EPSS Score: %1.26
    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6491

    Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.... Read more

    Affected Products : ucmdb_configuration_manager
    • EPSS Score: %0.14
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-5495

    All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.... Read more

    Affected Products : storagegrid_webscale
    • EPSS Score: %0.74
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19281

    Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.... Read more

    Affected Products : centreon
    • EPSS Score: %0.22
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7359

    All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : zxhn_f670_firmware zxhn_f670
    • EPSS Score: %0.81
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18796

    Library Management System 1.0 has SQL Injection via the "Search for Books" screen.... Read more

    Affected Products : library_management_system
    • EPSS Score: %0.25
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-18805

    Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.... Read more

    Affected Products : pointofsales
    • EPSS Score: %4.62
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-9209

    Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2... Read more

    Affected Products : php-traditional-server
    • EPSS Score: %1.94
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16223

    Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.... Read more

    Affected Products : qbeecam
    • EPSS Score: %0.80
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19410

    PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directi... Read more

    Affected Products : prtg_network_monitor
    • Actively Exploited
    • EPSS Score: %93.12
    • Published: Nov. 21, 2018
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2018-17934

    NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or ... Read more

    Affected Products : nuuo_cms
    • EPSS Score: %67.75
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19290

    In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact,... Read more

    Affected Products : budabot
    • EPSS Score: %2.95
    • Published: Nov. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14703

    Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.... Read more

    Affected Products : 5n2_firmware 5n2
    • EPSS Score: %2.04
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292735 Results