Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-27981

    A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to ... Read more

    Affected Products : unifi_network_application
    • Published: Apr. 04, 2024
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2020-1909

    A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events... Read more

    Affected Products : whatsapp whatsapp_business
    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1917

    xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write.... Read more

    Affected Products : hhvm
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3566

    A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-30465

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.... Read more

    Affected Products : macos ipados
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2012-1823

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placi... Read more

    • Actively Exploited
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-50379

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache T... Read more

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 17, 2024
    • Modified: Aug. 08, 2025

  • 9.8

    CRITICAL
    CVE-2012-1577

    lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.... Read more

    Affected Products : debian_linux openbsd dietlibc
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1745

    A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerabil... Read more

    Affected Products : undertow
    • Published: Apr. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47009

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.... Read more

    Affected Products : avalanche
    • Published: Oct. 08, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2020-1731

    A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift names... Read more

    Affected Products : keycloak keycloak_operator
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-25257

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker ... Read more

    Affected Products : fortiweb
    • Actively Exploited
    • Published: Jul. 17, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2012-1301

    The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.... Read more

    Affected Products : umbraco_cms
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-23797

    An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.... Read more

    Affected Products : joomla\!
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-1187

    Bitlbee does not drop extra group privileges correctly in unix.c... Read more

    Affected Products : bitlbee
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-1124

    SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.... Read more

    Affected Products : phxeventmanager
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1647

    On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Contin... Read more

    Affected Products : junos
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-10030

    FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, an... Read more

    Affected Products : freefloat_ftp_server
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2012-10023

    A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The fla... Read more

    Affected Products : freefloat_ftp_server
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-36049

    .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability... Read more

    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results