Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-23305

    An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a m... Read more

    Affected Products : fedora libbiosig
    • Published: Feb. 20, 2024
    • Modified: Aug. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-21181

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2057

    A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulat... Read more

    Affected Products : langchain
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1916

    Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.... Read more

    Affected Products :
    • Published: Mar. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13159

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.... Read more

    Affected Products : endpoint_manager
    • Actively Exploited
    • Published: Jan. 14, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-11698

    A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions li... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Nov. 26, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-49934

    An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.... Read more

    Affected Products : slurm
    • EPSS Score: %0.14
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49583

    SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the applica... Read more

    Affected Products : \@sap\/xssec
    • EPSS Score: %0.42
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49105

    An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed ... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %88.05
    • Published: Nov. 21, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-48792

    Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.... Read more

    Affected Products : manageengine_adaudit_plus
    • EPSS Score: %8.62
    • Published: Feb. 02, 2024
    • Modified: Jun. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-47212

    A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : fedora stb_vorbis stb_vorbis.c
    • Published: May. 01, 2024
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-46853

    In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.... Read more

    Affected Products : memcached
    • EPSS Score: %0.12
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46427

    An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in ... Read more

    Affected Products :
    • Published: Mar. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46258

    An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.... Read more

    Affected Products : windows avalanche
    • EPSS Score: %1.89
    • Published: Dec. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-45853

    MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 ... Read more

    Affected Products : zlib minizip-ng pyminizip
    • EPSS Score: %0.51
    • Published: Oct. 14, 2023
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-43371

    Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.... Read more

    Affected Products : hoteldruid
    • EPSS Score: %0.30
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43208

    NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.... Read more

    Affected Products : mirth_connect
    • Actively Exploited
    • EPSS Score: %94.41
    • Published: Oct. 26, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-43040

    IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.... Read more

    Affected Products : storage_fusion_hci
    • Published: May. 14, 2024
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-42115

    Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw ex... Read more

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-41913

    strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IK... Read more

    Affected Products : internet_key_exchange strongswan
    • EPSS Score: %11.73
    • Published: Dec. 07, 2023
    • Modified: Jan. 17, 2025
Showing 20 of 292212 Results