Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-3968

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.... Read more

    Affected Products : imanager
    • Published: May. 15, 2024
    • Modified: Jan. 21, 2025

  • 9.8

    CRITICAL
    CVE-2018-1072

    ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning ... Read more

    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9306

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.... Read more

    Affected Products : fbx_software_development_kit
    • Published: Jan. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-3907

    A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may b... Read more

    Affected Products : ac500_firmware ac500
    • Published: Apr. 17, 2024
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-3909

    A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. T... Read more

    Affected Products : ac500_firmware ac500
    • Published: Apr. 17, 2024
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2016-9299

    The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.... Read more

    Affected Products : fedora jenkins
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-40110

    Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.... Read more

    • Published: Jul. 12, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-3845

    Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Apr. 17, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-3847

    Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Apr. 17, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-3829

    qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a sy... Read more

    Affected Products : qdrant
    • Published: Jun. 03, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2017-9183

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.... Read more

    Affected Products : autotrace
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-3817

    HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.... Read more

    Affected Products : go-getter retryablehttp
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9138

    PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exc... Read more

    Affected Products : php
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-3770

    A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injecti... Read more

    Affected Products : student_record_system
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9137

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that ... Read more

    Affected Products : php
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-9157

    A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.... Read more

    Affected Products : sicam_pas\/pqs
    • Published: Dec. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-3740

    A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack ma... Read more

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2017-7658

    In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chun... Read more

    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3691

    A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched rem... Read more

    Affected Products : small_crm
    • Published: Apr. 12, 2024
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2016-9023

    Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.... Read more

    Affected Products : exponent_cms
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292793 Results