Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-20092

    File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.... Read more

    Affected Products : articlecms
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5660

    Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Ne... Read more

    Affected Products :
    • Published: Dec. 10, 2024
    • Modified: Dec. 16, 2024

  • 9.8

    CRITICAL
    CVE-2019-8042

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exp... Read more

    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1959

    A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation ... Read more

    Affected Products : syncope
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1957

    Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.... Read more

    Affected Products : debian_linux shiro
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1952

    An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.... Read more

    Affected Products : iotdb
    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34416

    Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulne... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 19, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2021-27649

    Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • Published: Jun. 23, 2021
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2021-27860

    A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory id... Read more

    • Actively Exploited
    • Published: Dec. 08, 2021
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2019-8205

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation... Read more

    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12899

    The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().... Read more

    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-20738

    Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and g... Read more

    • Published: Feb. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-27981

    A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to ... Read more

    Affected Products : unifi_network_application
    • Published: Apr. 04, 2024
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2020-1909

    A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events... Read more

    Affected Products : whatsapp whatsapp_business
    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-3566

    A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-30465

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.... Read more

    Affected Products : macos ipados
    • Published: Mar. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2012-1823

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placi... Read more

    • Actively Exploited
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-50379

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache T... Read more

    Affected Products : tomcat bootstrap_os hci_compute_node
    • Published: Dec. 17, 2024
    • Modified: Aug. 08, 2025

  • 9.8

    CRITICAL
    CVE-2012-1577

    lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.... Read more

    Affected Products : debian_linux openbsd dietlibc
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-1745

    A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerabil... Read more

    Affected Products : undertow
    • Published: Apr. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294286 Results