Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-26154

    url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.... Read more

    Affected Products : fedora debian_linux leap libproxy
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23917

    In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible... Read more

    Affected Products : teamcity
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8648

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26105

    In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26098

    cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25153

    The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.... Read more

    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23897

    Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary fi... Read more

    Affected Products : jenkins
    • Actively Exploited
    • Published: Jan. 24, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2020-26100

    chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26108

    cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).... Read more

    Affected Products : cpanel
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22496

    Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the fu... Read more

    Affected Products : netdata
    • Published: Jan. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-16428

    In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.... Read more

    Affected Products : ubuntu_linux glib
    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18174

    In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26051

    College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.... Read more

    Affected Products : college_management_system
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-26045

    FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.... Read more

    Affected Products : fuel_cms
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1197

    IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.... Read more

    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-25969

    gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().... Read more

    Affected Products : gnuplot gnuplot
    • Published: Jul. 05, 2023
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2013-2259

    Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview... Read more

    Affected Products : cryptocat
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25952

    SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.... Read more

    • Published: Nov. 16, 2020
    • Modified: Dec. 27, 2024

  • 9.8

    CRITICAL
    CVE-2024-23822

    Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have perm... Read more

    Affected Products : thruk
    • Published: Jan. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4201

    Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.... Read more

    Affected Products : chrome
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293355 Results