Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-45918

    Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php.... Read more

    Affected Products :
    • Published: Oct. 08, 2024
    • Modified: Nov. 05, 2024

  • 9.8

    CRITICAL
    CVE-2019-12468

    An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.... Read more

    Affected Products : debian_linux mediawiki
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11703

    A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.... Read more

    Affected Products : thunderbird
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-11692

    A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45823

    CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate ad... Read more

    Affected Products : factorytalk_batch_view
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024

  • 9.8

    CRITICAL
    CVE-2019-10692

    In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.... Read more

    Affected Products : wp_go_maps
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10627

    Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in P... Read more

    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-30181

    Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules,... Read more

    Affected Products : dubbo
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45764

    Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Thi... Read more

    Affected Products : enterprise_sonic_distribution
    • Published: Nov. 08, 2024
    • Modified: Nov. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-45746

    An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument lis... Read more

    Affected Products :
    • Published: Oct. 09, 2024
    • Modified: Oct. 11, 2024

  • 9.8

    CRITICAL
    CVE-2019-0160

    Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.... Read more

    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45771

    RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.... Read more

    Affected Products : rapidcms
    • Published: Sep. 06, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2018-9057

    aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM acco... Read more

    Affected Products : terraform
    • Published: Mar. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45790

    This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legit... Read more

    Affected Products : aim-star
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024

  • 9.8

    CRITICAL
    CVE-2018-8016

    The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-... Read more

    Affected Products : cassandra
    • Published: Jun. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45698

    Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on... Read more

    Affected Products : dir-x4860_firmware dir-x4860
    • Published: Sep. 16, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2018-5379

    The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an atta... Read more

    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-45595

    D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is t... Read more

    Affected Products : d-tale
    • Published: Sep. 10, 2024
    • Modified: Sep. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-45569

    Memory corruption while parsing the ML IE due to invalid frame content.... Read more

    • Published: Feb. 03, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2021-29999

    An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.... Read more

    Affected Products : vxworks
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results