Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-7751

    A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.... Read more

    • EPSS Score: %1.97
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-15254

    Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not... Read more

    Affected Products : crossbeam
    • EPSS Score: %0.51
    • Published: Oct. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27125

    A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacke... Read more

    Affected Products : security_manager
    • EPSS Score: %1.12
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-23513

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.... Read more

    Affected Products : macos
    • EPSS Score: %0.25
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28201

    This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary ... Read more

    Affected Products : macos iphone_os tvos safari ipad_os ipados
    • EPSS Score: %3.98
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-22779

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Succes... Read more

    Affected Products : arubaos instantos
    • EPSS Score: %0.88
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-6395

    The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansi... Read more

    • EPSS Score: %0.41
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37434

    zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source... Read more

    • EPSS Score: %92.68
    • Published: Aug. 05, 2022
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-37454

    The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interfac... Read more

    • EPSS Score: %1.80
    • Published: Oct. 21, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-42256

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op befo... Read more

    Affected Products : linux_kernel
    • Published: Aug. 08, 2024
    • Modified: Sep. 06, 2024

  • 9.8

    CRITICAL
    CVE-2024-4323

    A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.... Read more

    Affected Products : fluent_bit
    • Published: May. 20, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-17353

    scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.... Read more

    • EPSS Score: %1.26
    • Published: Aug. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-23313

    An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code... Read more

    Affected Products : fedora libbiosig
    • Published: Feb. 20, 2024
    • Modified: Aug. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-4577

    In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to W... Read more

    Affected Products : fedora php windows
    • Actively Exploited
    • Published: Jun. 09, 2024
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2021-26120

    Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.... Read more

    Affected Products : debian_linux smarty
    • EPSS Score: %78.84
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22080

    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.... Read more

    Affected Products : g5dfr_firmware g5dfr
    • Published: Mar. 20, 2024
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-39955

    The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by d... Read more

    • EPSS Score: %0.14
    • Published: Sep. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-27992

    The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticat... Read more

    • Actively Exploited
    • EPSS Score: %86.39
    • Published: Jun. 19, 2023
    • Modified: Mar. 19, 2025

  • 9.8

    CRITICAL
    CVE-2017-9225

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code po... Read more

    Affected Products : ruby php oniguruma
    • EPSS Score: %0.39
    • Published: May. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-32387

    A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.... Read more

    Affected Products : macos
    • EPSS Score: %1.15
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results