Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-29958

    JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a bl... Read more

    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29873

    A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM ... Read more

    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12236

    A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endp... Read more

    Affected Products : ios_xe
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12178

    xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.... Read more

    Affected Products : debian_linux x_server xorg-server
    • Published: Jan. 24, 2018
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-12085

    An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigg... Read more

    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-43773

    SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-43772

    SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.... Read more

    • Published: Sep. 02, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2017-11899

    Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerabil... Read more

    Affected Products : windows_10 windows_server_2016
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-23303

    The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.... Read more

    Affected Products : fedora hostapd wpa_supplicant
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22817

    PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.... Read more

    Affected Products : debian_linux pillow
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-44242

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.... Read more

    Affected Products : iphone_os ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 18, 2024

  • 9.8

    CRITICAL
    CVE-2024-43661

    The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the <redacted> action of the <redacted... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-43685

    Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-43639

    Windows KDC Proxy Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024

  • 9.8

    CRITICAL
    CVE-2017-11721

    Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.... Read more

    Affected Products : ioquake3
    • Published: Aug. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11715

    job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/saf... Read more

    Affected Products : metinfo
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11637

    GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.... Read more

    Affected Products : graphicsmagick
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14632

    Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.... Read more

    Affected Products : ubuntu_linux debian_linux libvorbis
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11589

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, ... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11614

    MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient... Read more

    Affected Products : connex
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293334 Results