Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-26496

    In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.... Read more

    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-15027

    ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12.... Read more

    Affected Products : automate automate_api
    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12824

    The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their... Read more

    Affected Products :
    • Published: Mar. 01, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-1567

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticate... Read more

    Affected Products : royal_elementor_addons
    • Published: May. 02, 2024
    • Modified: Jan. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-12727

    A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchang... Read more

    Affected Products : firewall firewall_firmware
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2020-14993

    A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.... Read more

    • Published: Jun. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-12647

    Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF6... Read more

    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-31686

    VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application... Read more

    Affected Products : workspace_one_assist
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2010-4239

    Tiki Wiki CMS Groupware 5.2 has Local File Inclusion... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4202

    Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.... Read more

    Affected Products : linux_kernel chrome
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-14972

    Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the adm... Read more

    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-2029

    Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network ac... Read more

    Affected Products : e-business_suite scripting
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14983

    The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.... Read more

    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-4204

    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other imp... Read more

    Affected Products : fedora chrome webkitgtk
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2010-4041

    The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.... Read more

    Affected Products : linux_kernel chrome
    • Published: Oct. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2010-4039

    Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.... Read more

    Affected Products : linux_kernel chrome
    • Published: Oct. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2020-14942

    Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.... Read more

    Affected Products : tendenci
    • Published: Jun. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14931

    A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.... Read more

    Affected Products : dmitry
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14932

    compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.... Read more

    Affected Products : squirrelmail change_passwd
    • Published: Jun. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14934

    Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. If the numbe... Read more

    Affected Products : contiki-ng
    • Published: Aug. 18, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293254 Results