Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core)....

Affected Products : debian_linux active_iq_unified_manager weblogic_server primavera_unifier jd_edwards_enterpriseone_tools retail_xstore_point_of_service jackson-databind retail_merchandising_system agile_plm autovue_for_agile_product_lifecycle_management +15 more products
EPSS Score: %69.81

Published: Mar. 02, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-15127

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution...

Affected Products : ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus libvncserver
EPSS Score: %15.61

Published: Dec. 19, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the St...

Affected Products : manageengine_servicedesk_plus manageengine_supportcenter_plus manageengine_servicedesk_plus_msp
Actively Exploited

EPSS Score: %94.33

Published: Nov. 29, 2021

Modified: Mar. 14, 2025
9.8

CRITICAL

CVE-2021-45957

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our kno...

Affected Products : dnsmasq
EPSS Score: %0.05

Published: Jan. 01, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response....

Affected Products : ffmpeg
EPSS Score: %35.70

Published: Feb. 09, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2021-28834

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated....

Affected Products : fedora debian_linux kramdown
EPSS Score: %1.50

Published: Mar. 19, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-23383

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source....

Affected Products : e-series_performance_analyzer handlebars
EPSS Score: %5.85

Published: May. 04, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-31980

Microsoft Intune Management Extension Remote Code Execution Vulnerability...

Affected Products : intune_management_extension
EPSS Score: %4.48

Published: Jun. 08, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2019-20800

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers....

Affected Products : cherokee
EPSS Score: %1.26

Published: May. 18, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-22632

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges....

Affected Products : macos iphone_os tvos watchos ipados
EPSS Score: %0.87

Published: Mar. 18, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-29921

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses....

Affected Products : zfs_storage_appliance_kit communications_cloud_native_core_network_slice_selection_function python communications_cloud_native_core_automated_test_suite graalvm communications_cloud_native_core_binding_support_function
EPSS Score: %2.76

Published: May. 06, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-17161

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack ...

Affected Products : freebsd
EPSS Score: %2.25

Published: Jan. 03, 2019

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-5098

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 5...

Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %2.61

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5204

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()....

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus tcpdump
EPSS Score: %2.17

Published: Jan. 28, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2022-23608

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a h...

Affected Products : debian_linux pjsip asterisk certified_asterisk
EPSS Score: %0.48

Published: Feb. 22, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5432

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %2.02

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-5459

An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via netwo...

Affected Products : pfc200_firmware 750-8202 750-8202\/025-000 750-8202\/025-001 750-8202\/025-002 750-8202\/040-001 750-8203 750-8203\/025-000 750-8204 750-8204\/025-000 +9 more products
EPSS Score: %0.96

Published: Feb. 13, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox...

Affected Products : firefox firefox_esr enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %0.36

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5469

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %5.71

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fir...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %3.55

Published: Jun. 11, 2018

Modified: Nov. 21, 2024

Showing 20 of 291573 Results

1
...
1456
1457
1458
1459
1460
1461
1462
...
14579

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable