Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-6879

    Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().... Read more

    Affected Products : fedora aomedia libaom
    • EPSS Score: %0.16
    • Published: Dec. 27, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-51887

    Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.... Read more

    Affected Products : mathtex
    • EPSS Score: %3.18
    • Published: Jan. 24, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51714

    An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.... Read more

    Affected Products : debian_linux qt
    • EPSS Score: %0.14
    • Published: Dec. 24, 2023
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-50252

    php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` ... Read more

    Affected Products : php-svg-lib
    • EPSS Score: %9.98
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49654

    Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.... Read more

    Affected Products : matlab
    • EPSS Score: %0.07
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48085

    Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %71.87
    • Published: Dec. 14, 2023
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-44351

    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.... Read more

    Affected Products : coldfusion
    • EPSS Score: %32.01
    • Published: Nov. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42282

    The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.... Read more

    Affected Products : ip
    • EPSS Score: %0.40
    • Published: Feb. 08, 2024
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2023-40569

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations... Read more

    Affected Products : fedora debian_linux freerdp
    • EPSS Score: %0.10
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4056

    Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been explo... Read more

    Affected Products : firefox firefox_esr debian_linux
    • EPSS Score: %0.56
    • Published: Aug. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4008

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain... Read more

    Affected Products : gitlab
    • EPSS Score: %0.05
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38406

    bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."... Read more

    Affected Products : frrouting
    • EPSS Score: %0.12
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-35365

    Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %2.31
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32057

    Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %2.52
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29074

    A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the co... Read more

    • EPSS Score: %0.31
    • Published: Nov. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29073

    A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in th... Read more

    • EPSS Score: %0.34
    • Published: Nov. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26037

    ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not proper... Read more

    Affected Products : zoneminder
    • EPSS Score: %0.14
    • Published: Feb. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24427

    Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.... Read more

    Affected Products : bitbucket_oauth
    • EPSS Score: %0.22
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-23368

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versio... Read more

    Affected Products : quts_hero qts qutscloud
    • EPSS Score: %3.56
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-21689

    Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %29.67
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291205 Results