Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-6433

    If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure tr... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-46762

    Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malic... Read more

    Affected Products : parquet
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Supply Chain

  • 9.8

    CRITICAL
    CVE-2024-34144

    A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protecti... Read more

    Affected Products : script_security
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-35941

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. ... Read more

    Affected Products : envoy
    • EPSS Score: %0.05
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4333

    Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.... Read more

    • EPSS Score: %0.65
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37300

    A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including a... Read more

    • EPSS Score: %0.29
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43529

    Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain cert... Read more

    Affected Products : thunderbird
    • EPSS Score: %0.08
    • Published: Feb. 16, 2023
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2020-17368

    Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.... Read more

    Affected Products : fedora debian_linux leap firejail
    • EPSS Score: %4.49
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-7653

    The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is ... Read more

    Affected Products : ubuntu_linux debian_linux rdflib
    • EPSS Score: %0.71
    • Published: Feb. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12896

    The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().... Read more

    • EPSS Score: %2.06
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9899

    Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.... Read more

    • EPSS Score: %39.48
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2006-4428

    PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value ... Read more

    Affected Products : jupiter_cms
    • EPSS Score: %4.40
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2006-6024

    Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. ... Read more

    Affected Products : eudora_worldmail
    • EPSS Score: %0.46
    • Published: Nov. 21, 2006
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2017-20151

    A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ... Read more

    Affected Products : rups
    • EPSS Score: %0.09
    • Published: Dec. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-15394

    A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The ... Read more

    • EPSS Score: %0.14
    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-15759

    Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to inf... Read more

    Affected Products : broker_api on_demand_services_sdk
    • EPSS Score: %0.32
    • Published: Nov. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3464

    Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.... Read more

    • EPSS Score: %7.79
    • Published: Feb. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8271

    UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed... Read more

    • EPSS Score: %4.59
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3927

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use t... Read more

    • EPSS Score: %2.15
    • Published: Apr. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12310

    ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain ... Read more

    • EPSS Score: %0.49
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291222 Results