Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2007-4559 (CVSS 9.8, CRITICAL)
    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue...
    Affected Products: python
    • EPSS Score: 92.99%
    • Published: Aug. 28, 2007
    • Modified: Apr. 09, 2025
  • CVE-2002-0059 (CVSS 9.8, CRITICAL)
    The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via...
    Affected Products: zlib
    • EPSS Score: 33.67%
    • Published: Mar. 15, 2002
    • Modified: Apr. 03, 2025
  • CVE-2025-43237 (CVSS 9.8, CRITICAL)
    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination....
    Affected Products: macos
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-30472 (CVSS 9.8, CRITICAL)
    Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet....
    Affected Products: corosync
    • Published: Mar. 22, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-25291 (CVSS 9.8, CRITICAL)
    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ...
    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication
  • CVE-2025-2152 (CVSS 9.8, CRITICAL)
    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation l...
    Affected Products: assimp
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption
  • CVE-2024-6385 (CVSS 9.8, CRITICAL)
    An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain ci...
    Affected Products: gitlab
    • Published: Jul. 11, 2024
    • Modified: Nov. 21, 2024
  • CVE-2024-6047 (CVSS 9.8, CRITICAL)
    Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device....
    • Actively Exploited
    • Published: Jun. 17, 2024
    • Modified: May. 09, 2025
  • CVE-2024-5699 (CVSS 9.8, CRITICAL)
    In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the beha...
    Affected Products: firefox
    • Published: Jun. 11, 2024
    • Modified: Apr. 04, 2025
  • CVE-2024-50557 (CVSS 9.8, CRITICAL)
    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M8...
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024
  • CVE-2024-45508 (CVSS 9.8, CRITICAL)
    HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node....
    Affected Products: htmldoc
    • Published: Sep. 01, 2024
    • Modified: Sep. 04, 2024
  • CVE-2024-45490 (CVSS 9.8, CRITICAL)
    An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer....
    Affected Products: libexpat
    • Published: Aug. 30, 2024
    • Modified: Mar. 14, 2025
  • CVE-2024-45115 (CVSS 9.8, CRITICAL)
    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or ele...
    Affected Products: commerce magento commerce_b2b
    • Published: Oct. 10, 2024
    • Modified: Oct. 10, 2024
  • CVE-2024-43468 (CVSS 9.8, CRITICAL)
    Microsoft Configuration Manager Remote Code Execution Vulnerability...
    Affected Products: configuration_manager
    • Published: Oct. 08, 2024
    • Modified: Jan. 10, 2025
  • CVE-2024-42458 (CVSS 9.8, CRITICAL)
    server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369....
    Affected Products: neatvnc
    • Published: Aug. 02, 2024
    • Modified: Sep. 05, 2024
  • CVE-2024-42005 (CVSS 9.8, CRITICAL)
    An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg....
    Affected Products: django
    • Published: Aug. 07, 2024
    • Modified: Oct. 23, 2024
  • CVE-2024-41779 (CVSS 9.8, CRITICAL)
    IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remo...
    • Published: Nov. 22, 2024
    • Modified: Aug. 15, 2025
  • CVE-2024-3863 (CVSS 9.8, CRITICAL)
    The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunder...
    Affected Products: firefox firefox_esr thunderbird
    • Published: Apr. 16, 2024
    • Modified: Mar. 28, 2025
  • CVE-2024-38623 (CVSS 9.8, CRITICAL)
    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)...
    Affected Products: linux_kernel
    • Published: Jun. 21, 2024
    • Modified: Mar. 24, 2025
  • CVE-2024-38474 (CVSS 9.8, CRITICAL)
    Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be ...
    Affected Products: http_server clustered_data_ontap
    • Published: Jul. 01, 2024
    • Modified: Mar. 25, 2025
Showing 20 of 291222 Results