Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2010-0211

    The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a... Read more

    • EPSS Score: %42.37
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2008-7315

    UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : ui\
    • EPSS Score: %4.84
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2008-0655

    Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.... Read more

    Affected Products : acrobat acrobat_reader
    • Actively Exploited
    • EPSS Score: %69.96
    • Published: Feb. 07, 2008
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2005-1689

    Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.... Read more

    • EPSS Score: %55.20
    • Published: Jul. 18, 2005
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2005-0199

    Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculat... Read more

    Affected Products : ngircd
    • EPSS Score: %20.15
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-8788

    FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.... Read more

    Affected Products : ubuntu_linux debian_linux freerdp
    • EPSS Score: %8.29
    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16335

    A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.... Read more

    • EPSS Score: %0.65
    • Published: Sep. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-7941

    A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.... Read more

    Affected Products : plone
    • EPSS Score: %0.62
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14001

    The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with t... Read more

    • EPSS Score: %3.63
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1917

    Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.... Read more

    Affected Products :
    • Published: Mar. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-8380

    Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : qemu
    • EPSS Score: %2.85
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5689

    The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.... Read more

    Affected Products : imagemagick solaris
    • EPSS Score: %1.07
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2017-8923

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspeci... Read more

    Affected Products : php
    • EPSS Score: %3.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-43467

    An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to tri... Read more

    Affected Products : open_babel
    • EPSS Score: %0.34
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39352

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `... Read more

    Affected Products : fedora debian_linux freerdp
    • EPSS Score: %0.09
    • Published: Aug. 31, 2023
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2014-5044

    Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.... Read more

    Affected Products : libgfortran
    • EPSS Score: %4.18
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24115

    In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).... Read more

    Affected Products : botan
    • EPSS Score: %0.71
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47010

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2023-29492

    Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.... Read more

    Affected Products : novi_survey novi_survey
    • Actively Exploited
    • EPSS Score: %25.53
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-2538

    A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system.... Read more

    Affected Products : portal_for_arcgis
    • Published: Mar. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication
Showing 20 of 291728 Results