Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-17383

    The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.... Read more

    Affected Products : netaddr
    • EPSS Score: %0.26
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-4367

    A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.... Read more

    Affected Products : iphone_os
    • EPSS Score: %6.78
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-4110

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence.... Read more

    Affected Products : iphone_os
    • EPSS Score: %3.28
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20062

    An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.... Read more

    Affected Products : nonecms
    • Actively Exploited
    • EPSS Score: %94.31
    • Published: Dec. 11, 2018
    • Modified: Mar. 07, 2025

  • 9.8

    CRITICAL
    CVE-2018-16492

    A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.... Read more

    Affected Products : extend
    • EPSS Score: %1.32
    • Published: Feb. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13797

    The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.... Read more

    Affected Products : node-macaddress
    • EPSS Score: %11.81
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11210

    TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2... Read more

    Affected Products : tinyxml2
    • EPSS Score: %0.48
    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10562

    An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the us... Read more

    Affected Products : gpon_router_firmware gpon_router
    • Actively Exploited
    • EPSS Score: %94.03
    • Published: May. 04, 2018
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2018-10561

    An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. ... Read more

    Affected Products : gpon_router_firmware gpon_router
    • Actively Exploited
    • EPSS Score: %92.18
    • Published: May. 04, 2018
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000875

    Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to a... Read more

    • EPSS Score: %0.39
    • Published: Dec. 20, 2018
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2017-20146

    Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.... Read more

    Affected Products : handlers
    • EPSS Score: %0.06
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000486

    Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution... Read more

    Affected Products : primefaces
    • Actively Exploited
    • EPSS Score: %93.82
    • Published: Jan. 03, 2018
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2019-8272

    UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.... Read more

    • EPSS Score: %1.49
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-8258

    UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.... Read more

    • EPSS Score: %4.59
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2009-4488

    Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequenc... Read more

    Affected Products : varnish
    • EPSS Score: %3.02
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-8031

    The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2022-24955

    Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files.... Read more

    Affected Products : windows pdf_editor pdf_reader
    • EPSS Score: %0.69
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43782

    Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability ca... Read more

    Affected Products : crowd
    • EPSS Score: %0.46
    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11120

    Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploite... Read more

    • Actively Exploited
    • Published: Nov. 15, 2024
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-1012

    A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Feb. 04, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Race Condition
Showing 20 of 292044 Results