Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-43371

    Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.... Read more

    Affected Products : hoteldruid
    • EPSS Score: %0.30
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-43208

    NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.... Read more

    Affected Products : mirth_connect
    • Actively Exploited
    • EPSS Score: %94.41
    • Published: Oct. 26, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-43040

    IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.... Read more

    Affected Products : storage_fusion_hci
    • Published: May. 14, 2024
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-42115

    Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw ex... Read more

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-41913

    strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IK... Read more

    Affected Products : internet_key_exchange strongswan
    • EPSS Score: %10.93
    • Published: Dec. 07, 2023
    • Modified: Jan. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-40567

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse o... Read more

    Affected Products : fedora debian_linux freerdp
    • EPSS Score: %0.10
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36434

    Windows IIS Server Elevation of Privilege Vulnerability... Read more

    • EPSS Score: %2.93
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-35367

    Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %2.05
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34417

    Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.... Read more

    Affected Products : firefox
    • EPSS Score: %0.28
    • Published: Jun. 19, 2023
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-33246

    For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an a... Read more

    Affected Products : rocketmq
    • Actively Exploited
    • EPSS Score: %94.36
    • Published: May. 24, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2023-3638

    In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. ... Read more

    Affected Products : gv-adr2701_firmware gv-adr2701
    • EPSS Score: %0.23
    • Published: Jul. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31047

    In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the la... Read more

    Affected Products : fedora django
    • EPSS Score: %0.06
    • Published: May. 07, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-29402

    The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters i... Read more

    Affected Products : fedora go
    • EPSS Score: %0.12
    • Published: Jun. 08, 2023
    • Modified: Jan. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-29363

    Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %5.86
    • Published: Jun. 14, 2023
    • Modified: Apr. 08, 2025

  • 9.8

    CRITICAL
    CVE-2023-2868

    A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .t... Read more

    • Actively Exploited
    • EPSS Score: %89.60
    • Published: May. 24, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-2840

    NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.... Read more

    Affected Products : gpac
    • EPSS Score: %0.08
    • Published: May. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28154

    Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.... Read more

    Affected Products : webpack
    • EPSS Score: %1.48
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-25664

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. ... Read more

    Affected Products : tensorflow
    • EPSS Score: %0.07
    • Published: Mar. 25, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2530

    A privilege escalation allowing remote code execution was discovered in the orchestration service.... Read more

    Affected Products : puppet_enterprise
    • EPSS Score: %3.12
    • Published: Jun. 07, 2023
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-24943

    Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more

    • EPSS Score: %1.30
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291335 Results