Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.

  • CVE-2020-22820 (CVSS 9.8, CRITICAL)
    MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter...
    Affected Products: mkcms
    EPSS Score: 0.07%
    Published: Nov. 03, 2022
    Modified: May. 05, 2025

  • CVE-2020-22819 (CVSS 9.8, CRITICAL)
    MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter...
    Affected Products: mkcms
    EPSS Score: 0.07%
    Published: Nov. 03, 2022
    Modified: May. 05, 2025

  • CVE-2020-22818 (CVSS 9.8, CRITICAL)
    MKCMS V6.2 has SQL injection via the /ucenter/reg.php name parameter...
    Affected Products: mkcms
    EPSS Score: 0.07%
    Published: Nov. 03, 2022
    Modified: May. 05, 2025

  • CVE-2021-20193 (CVSS 4.3, MEDIUM)
    A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability...
    Affected Products: tar
    EPSS Score: 0.10%
    Published: Mar. 26, 2021
    Modified: May. 05, 2025

  • CVE-2020-12069 (CVSS 7.8, HIGH)
    In CODESYS V3 products in all versions prior to V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain...
    EPSS Score: 0.03%
    Published: Dec. 26, 2022
    Modified: May. 05, 2025

  • CVE-2023-3920 (CVSS 4.3, MEDIUM)
    An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship b...
    Affected Products: gitlab
    EPSS Score: 0.24%
    Published: Sep. 29, 2023
    Modified: May. 05, 2025

  • CVE-2023-1401 (CVSS 5.0, MEDIUM)
    An issue has been discovered in the GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross-site cookies on redirect during authorization...
    Affected Products: gitlab
    EPSS Score: 0.10%
    Published: Jul. 26, 2023
    Modified: May. 05, 2025

  • CVE-2023-3907 (CVSS 8.8, HIGH)
    A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner...
    Affected Products: gitlab
    EPSS Score: 0.03%
    Published: Dec. 17, 2023
    Modified: May. 05, 2025

  • CVE-2023-23574 (CVSS 8.8, HIGH)
    A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authent...
    Affected Products: cmc, guardian
    EPSS Score: 0.21%
    Published: Aug. 09, 2023
    Modified: May. 05, 2025

  • CVE-2023-2567 (CVSS 8.8, HIGH)
    A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Authenticated users may be able to execute arbitrary SQL statements on the DBMS used...
    Affected Products: cmc, guardian
    EPSS Score: 0.13%
    Published: Sep. 19, 2023
    Modified: May. 05, 2025

  • CVE-2023-52160 (CVSS 6.5, MEDIUM)
    The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerabi...
    Published: Feb. 22, 2024
    Modified: May. 05, 2025

  • CVE-2023-40283 (CVSS 7.8, HIGH)
    An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled...
    Affected Products: linux_kernel, ubuntu_linux, debian_linux
    EPSS Score: 0.01%
    Published: Aug. 14, 2023
    Modified: May. 05, 2025

  • CVE-2018-20839 (CVSS 4.3, MEDIUM)
    systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) c...
    EPSS Score: 0.67%
    Published: May. 17, 2019
    Modified: May. 05, 2025

  • CVE-2018-5729 (CVSS 6.5, MEDIUM)
    MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the dat...
    EPSS Score: 0.44%
    Published: Mar. 06, 2018
    Modified: May. 05, 2025

  • CVE-2016-1000338 (CVSS 7.5, HIGH)
    In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some c...
    EPSS Score: 0.43%
    Published: Jun. 01, 2018
    Modified: May. 05, 2025

  • CVE-2024-24762 (CVSS 7.5, HIGH)
    `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that i...
    Affected Products: starlette, fastapi, python-multipart
    EPSS Score: 1.80%
    Published: Feb. 05, 2024
    Modified: May. 05, 2025

  • CVE-2022-42826 (CVSS 8.8, HIGH)
    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution...
    EPSS Score: 0.08%
    Published: Feb. 27, 2023
    Modified: May. 05, 2025

  • CVE-2023-41747 (CVSS 6.5, MEDIUM)
    Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203...
    Affected Products: windows, cloud_manager
    EPSS Score: 0.11%
    Published: Aug. 31, 2023
    Modified: May. 05, 2025

  • CVE-2023-3444 (CVSS 6.5, MEDIUM)
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into pro...
    Affected Products: gitlab
    EPSS Score: 0.18%
    Published: Jul. 13, 2023
    Modified: May. 05, 2025

  • CVE-2023-3210 (CVSS 6.5, MEDIUM)
    An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when imp...
    Affected Products: gitlab
    EPSS Score: 0.53%
    Published: Sep. 01, 2023
    Modified: May. 05, 2025