Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-12647

    Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF6... Read more

    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-31686

    VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application... Read more

    Affected Products : workspace_one_assist
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2010-4239

    Tiki Wiki CMS Groupware 5.2 has Local File Inclusion... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4202

    Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.... Read more

    Affected Products : linux_kernel chrome
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-14972

    Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the adm... Read more

    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-2029

    Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : e-business_suite scripting
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14983

    The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.... Read more

    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4204

    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other imp... Read more

    Affected Products : fedora chrome webkitgtk
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2010-4041

    The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.... Read more

    Affected Products : linux_kernel chrome
    • Published: Oct. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2010-4039

    Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.... Read more

    Affected Products : linux_kernel chrome
    • Published: Oct. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-14942

    Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.... Read more

    Affected Products : tendenci
    • Published: Jun. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14931

    A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.... Read more

    Affected Products : dmitry
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14932

    compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.... Read more

    Affected Products : squirrelmail change_passwd
    • Published: Jun. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14934

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the numbe... Read more

    Affected Products : contiki-ng
    • Published: Aug. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12470

    The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it... Read more

    Affected Products : sakolawp
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-34362

    In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated a... Read more

    Affected Products : moveit_transfer moveit_cloud
    • Actively Exploited
    • Published: Jun. 02, 2023
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2022-45138

    The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters tha... Read more

    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-3729

    The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2010-3845

    libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.... Read more

    Affected Products : apache_authenhook
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-46393

    An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_C... Read more

    Affected Products : fedora mbed_tls
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025
Showing 20 of 292802 Results