Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-11641

    GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.... Read more

    Affected Products : graphicsmagick
    • EPSS Score: %0.45
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11582

    dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.... Read more

    Affected Products : finecms
    • EPSS Score: %0.29
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11673

    Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."... Read more

    Affected Products : web_vulnerability_scanner
    • EPSS Score: %2.36
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-0582

    Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : fedora debian_linux wireshark
    • EPSS Score: %0.07
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-11496

    Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.... Read more

    Affected Products : sentinel_ldk_rte desigo_cc
    • EPSS Score: %8.27
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11497

    Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.... Read more

    Affected Products : sentinel_ldk_rte desigo_cc
    • EPSS Score: %8.27
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-43491

    Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit thes... Read more

    Affected Products : windows_10_1507 windows
    • Actively Exploited
    • Published: Sep. 10, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-43498

    .NET and Visual Studio Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2017-11517

    Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.... Read more

    Affected Products : gcore
    • EPSS Score: %37.02
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11465

    The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y.... Read more

    Affected Products : ruby
    • EPSS Score: %0.38
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11462

    Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.... Read more

    Affected Products : fedora kerberos_5
    • EPSS Score: %1.08
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11510

    An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request.... Read more

    Affected Products : hw0021_firmware hw0021
    • EPSS Score: %1.00
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-11445

    Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %0.25
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11444

    Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %78.59
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11436

    D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.... Read more

    Affected Products : dir-615 dir-615
    • EPSS Score: %1.09
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-43455

    Windows Remote Desktop Licensing Service Spoofing Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2017-11412

    Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id'].... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %0.23
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11415

    Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level'].... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %0.23
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-43441

    Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.... Read more

    Affected Products : hugegraph
    • Published: Dec. 24, 2024
    • Modified: Jul. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-43404

    MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Pytho... Read more

    Affected Products : megabot
    • Published: Aug. 20, 2024
    • Modified: Aug. 26, 2024
Showing 20 of 292719 Results