Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41779

    IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remo... Read more

    • Published: Nov. 22, 2024
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2024-3863

    The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunder... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Apr. 16, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-38623

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2024
    • Modified: Mar. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-38474

    Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be ... Read more

    Affected Products : http_server clustered_data_ontap
    • Published: Jul. 01, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-33874

    HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.... Read more

    Affected Products : hdf5
    • Published: May. 14, 2024
    • Modified: Apr. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-32659

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds ... Read more

    Affected Products : fedora freerdp
    • Published: Apr. 23, 2024
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-32608

    HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.... Read more

    Affected Products : hdf5
    • Published: Oct. 09, 2024
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-32039

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workarou... Read more

    Affected Products : fedora freerdp
    • Published: Apr. 22, 2024
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-29974

    ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated atta... Read more

    • Published: Jun. 04, 2024
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-28103

    Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3... Read more

    Affected Products : rails
    • Published: Jun. 04, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-23305

    An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a m... Read more

    Affected Products : fedora libbiosig
    • Published: Feb. 20, 2024
    • Modified: Aug. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-21181

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-2057

    A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulat... Read more

    Affected Products : langchain
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1916

    Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.... Read more

    Affected Products :
    • Published: Mar. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13159

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.... Read more

    Affected Products : endpoint_manager
    • Actively Exploited
    • Published: Jan. 14, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-11698

    A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions li... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Nov. 26, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-49934

    An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.... Read more

    Affected Products : slurm
    • EPSS Score: %0.14
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49583

    SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the applica... Read more

    Affected Products : \@sap\/xssec
    • EPSS Score: %0.42
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49105

    An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed ... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %88.05
    • Published: Nov. 21, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-48792

    Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.... Read more

    Affected Products : manageengine_adaudit_plus
    • EPSS Score: %8.62
    • Published: Feb. 02, 2024
    • Modified: Jun. 11, 2025
Showing 20 of 291601 Results