Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-45140

    The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.... Read more

    • EPSS Score: %1.44
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-7871

    Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.... Read more

    • EPSS Score: %76.65
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-15800

    A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPL... Read more

    • EPSS Score: %0.84
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8261

    The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.... Read more

    Affected Products : whatsup_gold whatsup_gold
    • EPSS Score: %4.36
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-35583

    wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessi... Read more

    Affected Products : wkhtmltopdf
    • EPSS Score: %65.66
    • Published: Aug. 22, 2022
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000060

    Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in ... Read more

    Affected Products : sensu_core
    • EPSS Score: %0.45
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-1817

    Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : musl
    • EPSS Score: %0.45
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17833

    OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.... Read more

    • EPSS Score: %1.18
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-48084

    Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.... Read more

    Affected Products : nagios_xi
    • EPSS Score: %86.82
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-13040

    The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.... Read more

    Affected Products : tcpdump
    • EPSS Score: %1.84
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-2526

    A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other func... Read more

    • EPSS Score: %0.19
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9502

    Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.... Read more

    • EPSS Score: %0.52
    • Published: May. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10327

    LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.... Read more

    Affected Products : libreoffice
    • EPSS Score: %0.61
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-32089

    An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information dis... Read more

    Affected Products : fx9500_firmware fx9500
    • EPSS Score: %1.64
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4889

    The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using T... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.81
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-0391

    The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a ... Read more

    Affected Products : struts
    • Actively Exploited
    • EPSS Score: %90.89
    • Published: Jan. 08, 2012
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2016-10188

    Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.... Read more

    Affected Products : bitlbee
    • EPSS Score: %0.95
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10243

    TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.... Read more

    Affected Products : fedora debian_linux tex_live
    • EPSS Score: %9.88
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-1585

    In all versions of AppArmor mount rules are accidentally widened when compiled.... Read more

    Affected Products : apparmor apparmor
    • EPSS Score: %0.08
    • Published: Apr. 22, 2019
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2016-4000

    Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.... Read more

    Affected Products : debian_linux jython
    • EPSS Score: %15.58
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291827 Results