Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-5003

    The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.... Read more

    Affected Products : ws-xmlrpc
    • EPSS Score: %40.15
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4564

    The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and appli... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.99
    • Published: Jun. 04, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-3132

    Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.... Read more

    Affected Products : php
    • EPSS Score: %16.48
    • Published: Aug. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2177

    OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging un... Read more

    • EPSS Score: %47.95
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-2008

    HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : data_protector
    • EPSS Score: %20.72
    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-1908

    The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding priv... Read more

    • EPSS Score: %4.36
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-1901

    Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.... Read more

    Affected Products : fedora cgit cgit
    • EPSS Score: %4.36
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-10134

    SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.... Read more

    Affected Products : zabbix
    • EPSS Score: %88.00
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8778

    Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers... Read more

    • EPSS Score: %6.77
    • Published: Apr. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-5740

    The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.... Read more

    • EPSS Score: %6.04
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-4643

    Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflo... Read more

    • EPSS Score: %6.68
    • Published: May. 16, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-3253

    The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.... Read more

    • EPSS Score: %52.46
    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-23305

    By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipu... Read more

    • EPSS Score: %14.14
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-9843

    The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.... Read more

    • EPSS Score: %1.09
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-4966

    Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinj... Read more

    Affected Products : ansible
    • EPSS Score: %4.75
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3622

    Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.... Read more

    Affected Products : php
    • EPSS Score: %2.34
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3600

    XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.... Read more

    Affected Products : activemq
    • EPSS Score: %0.53
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2013-7390

    Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct requ... Read more

    Affected Products : manageengine_desktop_central
    • EPSS Score: %66.78
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-5017

    SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : web_gateway
    • EPSS Score: %24.96
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2012-1710

    Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerab... Read more

    Affected Products : fusion_middleware
    • Actively Exploited
    • EPSS Score: %74.57
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291589 Results