Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-8380

    Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : qemu
    • EPSS Score: %2.85
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5689

    The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.... Read more

    Affected Products : imagemagick solaris
    • EPSS Score: %1.07
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2017-8923

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspeci... Read more

    Affected Products : php
    • EPSS Score: %3.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-43467

    An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to tri... Read more

    Affected Products : open_babel
    • EPSS Score: %0.34
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-39352

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `... Read more

    Affected Products : fedora debian_linux freerdp
    • EPSS Score: %0.09
    • Published: Aug. 31, 2023
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2014-5044

    Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.... Read more

    Affected Products : libgfortran
    • EPSS Score: %4.18
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24115

    In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).... Read more

    Affected Products : botan
    • EPSS Score: %0.71
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47010

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2023-29492

    Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.... Read more

    Affected Products : novi_survey novi_survey
    • Actively Exploited
    • EPSS Score: %25.53
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-2538

    A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system.... Read more

    Affected Products : portal_for_arcgis
    • Published: Mar. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-56521

    An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2016-10253

    An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordina... Read more

    Affected Products : erlang\/otp
    • EPSS Score: %0.51
    • Published: Mar. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10711

    Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.... Read more

    Affected Products : debian_linux pound
    • EPSS Score: %1.00
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-2403

    Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.... Read more

    Affected Products : symfony
    • EPSS Score: %0.15
    • Published: Feb. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5280

    Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectiona... Read more

    Affected Products : firefox firefox_esr
    • EPSS Score: %1.71
    • Published: Sep. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5773

    php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of se... Read more

    Affected Products : php
    • EPSS Score: %10.20
    • Published: Aug. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7411

    ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that referen... Read more

    Affected Products : php
    • EPSS Score: %0.76
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7446

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.... Read more

    • EPSS Score: %2.02
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7167

    Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-b... Read more

    Affected Products : fedora curl libcurl
    • EPSS Score: %2.21
    • Published: Oct. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-7943

    The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.... Read more

    Affected Products : fedora libx11
    • EPSS Score: %4.71
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291617 Results