Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-41014

    Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequ... Read more

    Affected Products : quartz-gold_firmware quartz-gold
    • EPSS Score: %0.33
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2009-2168

    cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and pa... Read more

    Affected Products : 7ammel
    • EPSS Score: %1.10
    • Published: Jun. 22, 2009
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2009-2367

    cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.... Read more

    • EPSS Score: %32.33
    • Published: Jul. 08, 2009
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2009-3421

    login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.... Read more

    Affected Products : pao-bacheca_guestbook
    • EPSS Score: %3.04
    • Published: Sep. 25, 2009
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-2595

    A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of... Read more

    • EPSS Score: %0.05
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-2076

    Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remo... Read more

    Affected Products : cxf
    • EPSS Score: %7.83
    • Published: Aug. 19, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2010-3416

    Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.... Read more

    Affected Products : linux_kernel chrome
    • EPSS Score: %0.58
    • Published: Sep. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-1475

    A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to sql injection. The attack... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.04
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-56066

    Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 9.8

    CRITICAL
    CVE-2021-38299

    Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence.... Read more

    Affected Products : webauthn_framwork
    • EPSS Score: %0.35
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9306

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.... Read more

    Affected Products : fbx_software_development_kit
    • EPSS Score: %2.68
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-3320

    It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative r... Read more

    Affected Products : warp
    • EPSS Score: %0.01
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-52295

    DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2... Read more

    Affected Products : dataease
    • Published: Nov. 13, 2024
    • Modified: Feb. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-0537

    Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows... Read more

    Affected Products : bsafe bsafe_crypto-c bsafe_ssl-c
    • EPSS Score: %2.28
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2018-19061

    DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.60
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19078

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password.... Read more

    • EPSS Score: %0.58
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-15439

    A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected so... Read more

    • EPSS Score: %1.26
    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6491

    Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.... Read more

    Affected Products : ucmdb_configuration_manager
    • EPSS Score: %0.14
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19196

    An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonst... Read more

    Affected Products : xiaocms_x1 xiaocms
    • EPSS Score: %0.59
    • Published: Nov. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-19220

    An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.... Read more

    Affected Products : laobancms
    • EPSS Score: %0.99
    • Published: Nov. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291736 Results