Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2019-20800

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers....

Affected Products : cherokee
EPSS Score: %1.26

Published: May. 18, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-22632

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges....

Affected Products : macos iphone_os tvos watchos ipados
EPSS Score: %0.87

Published: Mar. 18, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses....

Affected Products : zfs_storage_appliance_kit communications_cloud_native_core_network_slice_selection_function python communications_cloud_native_core_automated_test_suite graalvm communications_cloud_native_core_binding_support_function
EPSS Score: %2.76

Published: May. 06, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-17161

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack ...

Affected Products : freebsd
EPSS Score: %2.25

Published: Jan. 03, 2019

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-5098

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 5...

Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %2.61

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5204

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()....

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus tcpdump
EPSS Score: %2.17

Published: Jan. 28, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2022-23608

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a h...

Affected Products : debian_linux pjsip asterisk certified_asterisk
EPSS Score: %0.48

Published: Feb. 22, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5432

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %2.02

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-5459

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via netwo...

Affected Products : pfc200_firmware 750-8202 750-8202\/025-000 750-8202\/025-001 750-8202\/025-002 750-8202\/040-001 750-8203 750-8203\/025-000 750-8204 750-8204\/025-000 +9 more products
EPSS Score: %0.96

Published: Feb. 13, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox...

Affected Products : firefox firefox_esr enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %0.36

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5469

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %5.71

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fir...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %3.55

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5484

The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()....

Affected Products : tcpdump
EPSS Score: %1.76

Published: Jan. 28, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2021-35209

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The valu...

Affected Products : collaboration
EPSS Score: %2.45

Published: Jul. 02, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-40722

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE....

Affected Products : experience_manager experience_manager_cloud_service
EPSS Score: %0.38

Published: Jan. 13, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future....

Affected Products : mediawiki
EPSS Score: %0.34

Published: Mar. 30, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2019-15741

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation...

Affected Products : omnibus
EPSS Score: %0.32

Published: Sep. 16, 2019

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-29021

A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device....

Affected Products : openrazer
EPSS Score: %0.11

Published: May. 20, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-29130

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
EPSS Score: %8.53

Published: May. 10, 2022

Modified: Jan. 02, 2025
9.8

CRITICAL

CVE-2021-38395

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition....

Affected Products : c300_firmware c200_firmware c200e_firmware application_control_environment_firmware c300 c200 c200e application_control_environment
EPSS Score: %0.14

Published: Oct. 28, 2022

Modified: Nov. 21, 2024

Showing 20 of 291638 Results

1
...
1455
1456
1457
1458
1459
1460
1461
...
14582

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable