Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-24260

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-24252

    A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-9680

    An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR <... Read more

    • Actively Exploited
    • Published: Oct. 09, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-8932

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.... Read more

    Affected Products : php ontap
    • Published: Nov. 22, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-8385

    A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 03, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-6782

    Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.... Read more

    Affected Products : calibre
    • Published: Aug. 06, 2024
    • Modified: Aug. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-6671

    In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.... Read more

    Affected Products : whatsup_gold
    • Published: Aug. 29, 2024
    • Modified: Sep. 04, 2024

  • 9.8

    CRITICAL
    CVE-2024-55594

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-55564

    The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2024-54506

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2024-52533

    gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.... Read more

    • Published: Nov. 11, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-48886

    A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManage... Read more

    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-47606

    GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, wh... Read more

    Affected Products : debian_linux gstreamer
    • Published: Dec. 12, 2024
    • Modified: Apr. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-47484

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote... Read more

    Affected Products : avamar_server avamar_data_store
    • Published: Dec. 10, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-41874

    ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing c... Read more

    Affected Products : coldfusion
    • Published: Sep. 13, 2024
    • Modified: Sep. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-3845

    Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Apr. 17, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-37341

    Microsoft SQL Server Elevation of Privilege Vulnerability... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 23, 2024

  • 9.8

    CRITICAL
    CVE-2024-36080

    Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.... Read more

    Affected Products :
    • Published: May. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-32040

    FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.1... Read more

    Affected Products : fedora freerdp
    • Published: Apr. 22, 2024
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-30300

    Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. An attacker could exploit this vulnerability to gain access to sensitive inform... Read more

    Affected Products : framemaker_publishing_server
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291419 Results