Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-3120

    A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_h... Read more

    Affected Products : sngrep
    • Published: Apr. 10, 2024
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2013-6225

    LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability... Read more

    Affected Products : livezilla
    • Published: Jan. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-26691

    In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow... Read more

    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-6295

    PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module... Read more

    Affected Products : prestashop
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27743

    libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.... Read more

    Affected Products : pam_tacplus
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-26029

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose infor... Read more

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-38813

    The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.... Read more

    Affected Products : vcenter_server cloud_foundation
    • Actively Exploited
    • Published: Sep. 17, 2024
    • Modified: Nov. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-26011

    A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.... Read more

    • Published: Nov. 12, 2024
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2020-27745

    Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.... Read more

    Affected Products : debian_linux slurm
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7593

    Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.... Read more

    Affected Products : virtual_traffic_management
    • Actively Exploited
    • Published: Aug. 13, 2024
    • Modified: Sep. 25, 2024

  • 9.8

    CRITICAL
    CVE-2020-27619

    In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.... Read more

    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0802

    Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target p... Read more

    Affected Products :
    • Published: Mar. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27583

    IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the mai... Read more

    Affected Products : infosphere_information_server
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27654

    Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.... Read more

    Affected Products : router_manager
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27544

    An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.... Read more

    Affected Products : client_advanced_control
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8662

    This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25943

    iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution... Read more

    Affected Products : idrac9
    • Published: Jun. 29, 2024
    • Modified: Feb. 03, 2025

  • 9.8

    CRITICAL
    CVE-2020-27540

    Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a... Read more

    Affected Products : cs-c2shw_firmware cs-c2shw
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25927

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0. ... Read more

    Affected Products : postmash
    • Published: Feb. 28, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-25910

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. ... Read more

    Affected Products : moveto
    • Published: Feb. 28, 2024
    • Modified: Apr. 10, 2025
Showing 20 of 293350 Results