Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-27649

    Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %1.46
    • Published: Jun. 23, 2021
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-27860

    A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory id... Read more

    • Actively Exploited
    • EPSS Score: %42.72
    • Published: Dec. 08, 2021
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2019-8205

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation... Read more

    • EPSS Score: %4.12
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12899

    The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().... Read more

    • EPSS Score: %2.06
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-20738

    Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and g... Read more

    • EPSS Score: %0.15
    • Published: Feb. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27981

    A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to ... Read more

    Affected Products : unifi_network_application
    • Published: Apr. 04, 2024
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2020-1909

    A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events... Read more

    Affected Products : whatsapp whatsapp_business
    • EPSS Score: %0.99
    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1917

    xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write.... Read more

    Affected Products : hhvm
    • EPSS Score: %0.61
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3566

    A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-30465

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.... Read more

    Affected Products : macos ipados
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2012-1823

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placi... Read more

    • Actively Exploited
    • EPSS Score: %94.29
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-50379

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache T... Read more

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 17, 2024
    • Modified: Aug. 08, 2025

  • 9.8

    CRITICAL
    CVE-2012-1577

    lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.... Read more

    Affected Products : debian_linux openbsd dietlibc
    • EPSS Score: %0.91
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1745

    A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerabil... Read more

    Affected Products : undertow
    • EPSS Score: %2.40
    • Published: Apr. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47009

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2020-1731

    A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift names... Read more

    Affected Products : keycloak keycloak_operator
    • EPSS Score: %0.39
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-25257

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker ... Read more

    Affected Products : fortiweb
    • Actively Exploited
    • Published: Jul. 17, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2012-1301

    The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.... Read more

    Affected Products : umbraco_cms
    • EPSS Score: %3.16
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-23797

    An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.10
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-1187

    Bitlbee does not drop extra group privileges correctly in unix.c... Read more

    Affected Products : bitlbee
    • EPSS Score: %0.43
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results