Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2017-13012

The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print()....

Affected Products : tcpdump
Published: Sep. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-13046

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()....

Affected Products : tcpdump
Published: Sep. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-13687

The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print()....

Affected Products : debian_linux tcpdump
Published: Sep. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-13889

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation....

Affected Products : mac_os_x mac_os_x
Published: Jan. 11, 2019

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2011-1460

WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks....

Affected Products : chrome blink
Published: Nov. 05, 2019

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled....

Affected Products : fedora leap backports_sle claws-mail
Published: Jul. 23, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-15893

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP ...

Affected Products : dir-816l_firmware dir-816l
Published: Jul. 22, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-15900

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and coul...

Affected Products : ubuntu_linux leap ghostscript
Published: Jul. 28, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-15906

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts....

Affected Products : tikiwiki_cms\/groupware tiki
Published: Oct. 22, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-15921

Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution....

Affected Products : eframework
Published: Jul. 24, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-15851

Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible ...

Affected Products : backup_\&_replication_transporter
Published: Sep. 24, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-14532

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c....

Affected Products : ubuntu_linux imagemagick
Published: Sep. 18, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization....

Affected Products : debian_linux openshift_container_platform primavera_unifier primavera_p6_enterprise_project_portfolio_management business_process_management_suite webcenter_portal jboss_brms jackson-databind automation_manager decision_manager +2 more products
Published: Jan. 02, 2019

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used....

Affected Products : ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus ghostscript
Published: Nov. 21, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2020-15786

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC...

Affected Products : simatic_hmi_comfort_panels_firmware simatic_hmi_unified_comfort_panels_firmware simatic_hmi_basic_panels_2nd_generation_firmware simatic_hmi_mobile_panels_firmware simatic_hmi_united_comfort_panels_firmware simatic_hmi_basic_panels_2nd_generation simatic_hmi_comfort_panels simatic_hmi_mobile_panels simatic_hmi_united_comfort_panels
Published: Sep. 09, 2020

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7864

FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c....

Affected Products : freetype
Published: Apr. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2024-13824

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions...

Affected Products : ciyashop
Published: Mar. 14, 2025

Modified: Mar. 21, 2025

Vuln Type: Injection
9.8

CRITICAL

CVE-2018-5095

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability aff...

Affected Products : firefox firefox_esr thunderbird ubuntu_linux enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus +1 more products
Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-8686

The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerabi...

Affected Products : windows_server_2012 windows_server_2016
Published: Sep. 13, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2024-13786

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function. This makes it possible for unauthenticated att...

Affected Products :
Published: Jul. 02, 2025

Modified: Jul. 03, 2025

Vuln Type: Injection

Showing 20 of 292787 Results

1
...
1459
1460
1461
1462
1463
1464
1465
...
14640

Browse by Apps

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable