Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-8686

    The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerabi... Read more

    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-13786

    The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function. This makes it possible for unauthenticated att... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-13744

    The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticate... Read more

    Affected Products : booster_for_woocommerce
    • Published: Apr. 04, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-13742

    The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. This makes it possible for unauthent... Read more

    Affected Products : icontrolwp
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-15690

    In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.... Read more

    Affected Products : nim
    • Published: Jan. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-1028

    The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.... Read more

    Affected Products : debian_linux smarty
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-15683

    Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run ... Read more

    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-6913

    Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.... Read more

    Affected Products : ubuntu_linux debian_linux perl
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7183

    Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.... Read more

    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-10001

    A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch is named d156fa... Read more

    Affected Products : phoenixcf
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-0488

    ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS... Read more

    Affected Products : debian_linux mbed_tls
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7551

    There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.... Read more

    Affected Products : debian_linux sam2p
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7602

    A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is r... Read more

    Affected Products : debian_linux drupal
    • Actively Exploited
    • Published: Jul. 19, 2018
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2011-10004

    A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotel... Read more

    Affected Products : reciply
    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-10002

    A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifi... Read more

    Affected Products : weblabyrinth
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-10003

    A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address ... Read more

    Affected Products : xpressengine
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-8797

    rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.... Read more

    Affected Products : debian_linux leap rdesktop
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5434

    A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-13645

    The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is pres... Read more

    Affected Products : tagdiv_composer composer
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2017-5641

    Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effect... Read more

    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results