Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-11058

    RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker... Read more

    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-7053

    An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.... Read more

    Affected Products : ubuntu_linux debian_linux irssi
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-0840

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE:... Read more

    Affected Products : ubuntu_linux jre opensuse jre sdk jdk
    • Actively Exploited
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2024-38077

    Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability... Read more

    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11698

    A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions li... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Nov. 26, 2024
    • Modified: Jun. 24, 2025

  • 9.8

    CRITICAL
    CVE-2018-7263

    The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may... Read more

    Affected Products : libmad
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-20067

    In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issu... Read more

    Affected Products : nr16 nr17 mt6813 mt6835 mt6878 mt6897 mt8792 mt6815 mt6899 mt6991 +2 more products
    • Published: Jun. 03, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2023-36911

    Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more

    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11646

    A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql ... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-11635

    The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.... Read more

    Affected Products : wordpress_file_upload
    • Published: Jan. 08, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-11631

    A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /expedit.php. The manipulation of the argument expcat leads to sql injection. The attack may be in... Read more

    Affected Products : tailoring_management_system
    • Published: Nov. 23, 2024
    • Modified: Nov. 25, 2024

  • 9.8

    CRITICAL
    CVE-2015-1276

    Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l... Read more

    • Published: Jul. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2018-7809

    An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.... Read more

    • Published: Nov. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-11592

    A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. Th... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 21, 2024
    • Modified: Dec. 10, 2024

  • 9.8

    CRITICAL
    CVE-2022-2120

    OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.... Read more

    Affected Products : dcmtk
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14275

    Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.... Read more

    Affected Products : hcl_commerce
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29155

    In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is pr... Read more

    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-14188

    The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.... Read more

    Affected Products : jira_create
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-49287

    TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.... Read more

    Affected Products : tinydir
    • Published: Dec. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-12396

    Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This ... Read more

    Affected Products : firefox
    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294287 Results