Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2014-9912

    The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a den...

    Affected Products : php
    • EPSS Score: %1.32
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2014-9474

    Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str....

    Affected Products : gnu_mpfr
    • EPSS Score: %6.13
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2014-1477

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and applicat...

    • EPSS Score: %0.85
    • Published: Feb. 06, 2014
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2022-46337

    A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also all...

    Affected Products : derby
    • EPSS Score: %0.04
    • Published: Nov. 20, 2023
    • Modified: Jun. 10, 2025
  • 9.8

    CRITICAL
    CVE-2013-2167

    python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...

    • EPSS Score: %0.83
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2013-1910

    yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository....

    Affected Products : debian_linux yum
    • EPSS Score: %0.85
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2013-1437

    Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value....

    Affected Products : fedora module-metadata
    • EPSS Score: %0.94
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-1823

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placi...

    • Actively Exploited
    • EPSS Score: %94.29
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2011-1939

    SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6....

    Affected Products : debian_linux php zend_framework
    • EPSS Score: %15.45
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2009-2422

    The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows cont...

    • EPSS Score: %0.40
    • Published: Jul. 10, 2009
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2008-2433

    The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers t...

    • EPSS Score: %12.31
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025
  • 9.8

    CRITICAL
    CVE-2005-2103

    Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or ...

    Affected Products : enterprise_linux gaim
    • EPSS Score: %25.85
    • Published: Aug. 16, 2005
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2005-1744

    BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly...

    Affected Products : weblogic_server
    • EPSS Score: %0.72
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-6543

    Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server...

    • Actively Exploited
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-49710

    An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4....

    Affected Products : firefox
    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-43234

    Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected ap...

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-30433

    This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normal...

    Affected Products : macos iphone_os ipados visionos
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-24237

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termi...

    Affected Products : macos iphone_os ipados visionos
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-24126

    An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process mem...

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jan. 27, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-21613

    go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary value...

    Affected Products : go-git
    • Published: Jan. 06, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection
Showing 20 of 291385 Results