Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-40397

    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.... Read more

    Affected Products : macos webkitgtk wpe_webkit
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7778

    A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firef... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7780

    Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7818

    A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-22931

    Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (... Read more

    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14825

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with networ... Read more

    Affected Products : weblogic_server
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7857

    FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.... Read more

    Affected Products : freetype
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2010-3375

    qtparted has insecure library loading which may allow arbitrary code execution... Read more

    Affected Products : qtparted
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14756

    Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenti... Read more

    Affected Products : utilities_framework coherence
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37885

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successfu... Read more

    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-52389

    UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of... Read more

    Affected Products : sinec_ins poco
    • Published: Jan. 27, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-12234

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injectio... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-12230

    A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sq... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-12228

    A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to laun... Read more

    Affected Products : complaint_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-12248

    Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-21899

    An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Mar. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-7612

    A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part o... Read more

    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12187

    A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch th... Read more

    Affected Products : library_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2024-12188

    A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injecti... Read more

    Affected Products : library_management_system
    • Published: Dec. 05, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2023-32216

    Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough... Read more

    Affected Products : firefox
    • Published: Jun. 19, 2023
    • Modified: May. 27, 2025
Showing 20 of 292782 Results