Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-6611

    A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 09, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-56431

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.... Read more

    Affected Products : libtheora theora
    • Published: Dec. 25, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-55637

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploi... Read more

    Affected Products : drupal
    • Published: Dec. 10, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-52606

    SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-47538

    GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64... Read more

    Affected Products : gstreamer
    • Published: Dec. 12, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-45237

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort write... Read more

    Affected Products : fort-validator
    • Published: Aug. 24, 2024
    • Modified: Aug. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-43498

    .NET and Visual Studio Remote Code Execution Vulnerability... Read more

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-40766

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall G... Read more

    • Actively Exploited
    • Published: Aug. 23, 2024
    • Modified: Sep. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-39331

    In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.... Read more

    Affected Products : emacs
    • Published: Jun. 23, 2024
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-38476

    Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to vers... Read more

    Affected Products : http_server clustered_data_ontap
    • Published: Jul. 01, 2024
    • Modified: Dec. 02, 2024

  • 9.8

    CRITICAL
    CVE-2024-3817

    HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package.... Read more

    Affected Products : go-getter retryablehttp
    • Published: Apr. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3660

    A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.... Read more

    Affected Products : tensorflow keras
    • Published: Apr. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-36081

    Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.... Read more

    Affected Products :
    • Published: May. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-35368

    FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.... Read more

    Affected Products : ffmpeg
    • Published: Nov. 29, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-32458

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `... Read more

    Affected Products : fedora freerdp
    • Published: Apr. 22, 2024
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-29973

    ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to exec... Read more

    • Published: Jun. 04, 2024
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-27304

    pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multipl... Read more

    Affected Products :
    • Published: Mar. 06, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-26026

    An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated ... Read more

    Affected Products : big-ip_next_central_manager
    • Published: May. 08, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2024-25176

    LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.... Read more

    Affected Products : luajit
    • Published: Jul. 07, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-25110

    The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code executi... Read more

    Affected Products : azure_uamqp uamqp
    • EPSS Score: %1.02
    • Published: Feb. 12, 2024
    • Modified: Nov. 22, 2024
Showing 20 of 291520 Results