Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2011-4906

    Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.... Read more

    Affected Products : tinybrowser
    • EPSS Score: %35.88
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-1827

    A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injec... Read more

    Affected Products : library_system library_system
    • Published: Feb. 23, 2024
    • Modified: Dec. 06, 2024

  • 9.8

    CRITICAL
    CVE-2017-2527

    An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application cr... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %9.36
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-29650

    An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.... Read more

    Affected Products :
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-21693

    When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.... Read more

    Affected Products : jenkins
    • EPSS Score: %1.30
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29157

    HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.... Read more

    Affected Products : hdf5
    • Published: May. 14, 2024
    • Modified: Apr. 18, 2025

  • 9.8

    CRITICAL
    CVE-2020-13756

    Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.... Read more

    Affected Products : php_css_parser
    • EPSS Score: %19.90
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27922

    TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulatio... Read more

    Affected Products :
    • Published: Mar. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1025

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improp... Read more

    • EPSS Score: %9.92
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000231

    A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.... Read more

    Affected Products : ldns
    • EPSS Score: %0.55
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-9898

    This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos mac_os_x iphone_os ipados
    • EPSS Score: %0.45
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20314

    Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.... Read more

    Affected Products : enterprise_linux fedora libspf2
    • EPSS Score: %0.17
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8199

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lea... Read more

    • EPSS Score: %5.64
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14670

    Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.... Read more

    Affected Products : clickhouse clickhouse
    • EPSS Score: %0.42
    • Published: Aug. 15, 2019
    • Modified: Jun. 25, 2025

  • 9.8

    CRITICAL
    CVE-2011-4183

    A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.... Read more

    Affected Products : open_build_service
    • EPSS Score: %0.37
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-1468

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain una... Read more

    • EPSS Score: %1.46
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4069

    html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.... Read more

    Affected Products : packetfence
    • EPSS Score: %0.88
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4094

    Jara 1.6 has a SQL injection vulnerability.... Read more

    Affected Products : jara
    • EPSS Score: %5.60
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4068

    The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.... Read more

    Affected Products : packetfence
    • EPSS Score: %0.64
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-19853

    BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.... Read more

    Affected Products : bluecms bluecms
    • EPSS Score: %0.26
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292425 Results