Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-28802

    A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4... Read more

    Affected Products : quts_hero qts
    • EPSS Score: %1.06
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-4105

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %1.89
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31921

    Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing conf... Read more

    Affected Products : istio
    • EPSS Score: %0.21
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-1506

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain una... Read more

    • EPSS Score: %1.12
    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10071

    In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.... Read more

    Affected Products : ubuntu_linux zsh
    • EPSS Score: %0.28
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23478

    xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known work... Read more

    Affected Products : debian_linux xrdp
    • EPSS Score: %0.18
    • Published: Dec. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-23218

    The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a ... Read more

    • EPSS Score: %0.40
    • Published: Jan. 14, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2018-5156

    A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thun... Read more

    • EPSS Score: %2.67
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25236

    xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.... Read more

    • EPSS Score: %9.36
    • Published: Feb. 16, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2021-33046

    Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.... Read more

    • EPSS Score: %0.59
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-14353

    An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.... Read more

    Affected Products : ubuntu_linux debian_linux mutt neomutt
    • EPSS Score: %4.42
    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-29164

    HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.... Read more

    Affected Products : hdf5
    • Published: May. 14, 2024
    • Modified: Apr. 18, 2025

  • 9.8

    CRITICAL
    CVE-2018-5506

    In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client c... Read more

    • EPSS Score: %0.20
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5485

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.93
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-28209

    An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.36
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-3463

    Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.... Read more

    Affected Products : ubuntu_linux fedora debian_linux rssh
    • EPSS Score: %8.56
    • Published: Feb. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7936

    The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.93
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-44223

    WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming ... Read more

    Affected Products : wordpress
    • EPSS Score: %21.46
    • Published: Nov. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-5327

    In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.62
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-6028

    An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them su... Read more

    • EPSS Score: %0.23
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292275 Results