Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-35862

    An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.... Read more

    Affected Products : bitvec
    • EPSS Score: %0.51
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1000060

    Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in ... Read more

    Affected Products : sensu_core
    • EPSS Score: %0.45
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-1817

    Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : musl
    • EPSS Score: %0.45
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35869

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.... Read more

    Affected Products : rusqlite
    • EPSS Score: %0.43
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17833

    OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.... Read more

    • EPSS Score: %1.18
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3928

    Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.... Read more

    Affected Products : lg
    • EPSS Score: %0.58
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-48084

    Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %86.82
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29006

    By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address... Read more

    Affected Products : cloudstack
    • Published: Apr. 04, 2024
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2014-3931

    fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.... Read more

    Affected Products : multi-router_looking_glass
    • Actively Exploited
    • EPSS Score: %57.56
    • Published: Mar. 31, 2017
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2017-13040

    The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.... Read more

    Affected Products : tcpdump
    • EPSS Score: %1.84
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-35868

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.... Read more

    Affected Products : rusqlite
    • EPSS Score: %0.43
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35797

    NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.... Read more

    Affected Products : nms300_firmware nms300
    • EPSS Score: %4.14
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35795

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 befor... Read more

    • EPSS Score: %0.56
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35799

    Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, E... Read more

    • EPSS Score: %1.23
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-3879

    OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass auth... Read more

    Affected Products : freebsd
    • EPSS Score: %1.48
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2526

    A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other func... Read more

    • EPSS Score: %0.21
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35878

    An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory.... Read more

    Affected Products : ozone
    • EPSS Score: %0.43
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35775

    CITSmart before 9.1.2.23 allows LDAP Injection.... Read more

    Affected Products : citsmart
    • EPSS Score: %23.71
    • Published: Feb. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-35758

    An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access,... Read more

    Affected Products : ls9_firmware ls9
    • EPSS Score: %2.04
    • Published: May. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10327

    LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.... Read more

    Affected Products : libreoffice
    • EPSS Score: %0.61
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292738 Results