Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-5276

    A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via S...

    Affected Products : filecatalyst_workflow
    • Published: Jun. 25, 2024
    • Modified: Apr. 04, 2025
  • 9.8

    CRITICAL
    CVE-2010-10009

    A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch ...

    Affected Products : ptome
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-32840

    SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulner...

    Affected Products : sharpziplib
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-20272

    A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is ...

    Affected Products : unity_connection
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025
  • 9.8

    CRITICAL
    CVE-2020-10148

    The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a comprom...

    Affected Products : orion_platform
    • Actively Exploited
    • Published: Dec. 29, 2020
    • Modified: Mar. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-23809

    A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a mal...

    Affected Products : fedora libbiosig
    • Published: Feb. 20, 2024
    • Modified: Aug. 10, 2025
  • 9.8

    CRITICAL
    CVE-2024-11739

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection. This issue affects Case ERP: before V2.0.1....

    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2022-34722

    Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability...

    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-14350

    An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field....

    Affected Products : ubuntu_linux debian_linux mutt neomutt
    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-10683

    dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any applic...

    • Published: May. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-11058

    RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker...

    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-7053

    An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order....

    Affected Products : ubuntu_linux debian_linux irssi
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-0840

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE:...

    Affected Products : ubuntu_linux jre opensuse jre sdk jdk
    • Actively Exploited
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-38077

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability...

    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-11698

    A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions li...

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Nov. 26, 2024
    • Modified: Jun. 24, 2025
  • 9.8

    CRITICAL
    CVE-2018-7263

    The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may...

    Affected Products : libmad
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-20067

    In modem, there is a possible out of bounds write due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issu...

    Affected Products : nr16 nr17 mt6813 mt6835 mt6878 mt6897 mt8792 mt6815 mt6899 mt6991 +2 more products
    • Published: Jun. 03, 2024
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2023-36911

    Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability...

    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-11646

    A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql ...

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024
  • 9.8

    CRITICAL
    CVE-2024-11635

    The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server....

    Affected Products : wordpress_file_upload
    • Published: Jan. 08, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
Showing 20 of 292782 Results