Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2022-46393

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_C...

Affected Products : fedora mbed_tls
EPSS Score: %0.65

Published: Dec. 15, 2022

Modified: Apr. 21, 2025
9.8

CRITICAL

CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser....

Affected Products : debian_linux libksba
EPSS Score: %1.84

Published: Dec. 20, 2022

Modified: Apr. 16, 2025
9.8

CRITICAL

CVE-2022-47939

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT....

Affected Products : linux_kernel
EPSS Score: %0.91

Published: Dec. 23, 2022

Modified: Apr. 14, 2025
9.8

CRITICAL

CVE-2023-1698

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise....

Affected Products : touch_panel_600_standard_firmware touch_panel_600_advanced_firmware touch_panel_600_marine_firmware pfc100_firmware pfc200_firmware edge_controller_firmware compact_controller_100_firmware compact_controller_100 edge_controller pfc100 +4 more products
EPSS Score: %93.76

Published: May. 15, 2023

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-20079

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilit...

Affected Products : ip_phone_7811_firmware ip_phone_7821_firmware ip_phone_7832_firmware ip_phone_7841_firmware ip_phone_7861_firmware ip_phone_8811_firmware ip_phone_8831_firmware ip_phone_8832_firmware ip_phone_8841_firmware ip_phone_8845_firmware +32 more products
EPSS Score: %8.61

Published: Mar. 03, 2023

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-40397

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution....

Affected Products : macos webkitgtk wpe_webkit
EPSS Score: %1.20

Published: Sep. 06, 2023

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2016-9534

tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...

Affected Products : libtiff
EPSS Score: %0.45

Published: Nov. 22, 2016

Modified: Apr. 12, 2025
9.8

CRITICAL

CVE-2023-41887

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue....

Affected Products : openrefine
EPSS Score: %52.93

Published: Sep. 15, 2023

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firef...

Affected Products : firefox firefox_esr thunderbird debian_linux graphite2
EPSS Score: %1.12

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7780

Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55....

Affected Products : firefox
EPSS Score: %2.85

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %3.24

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7818

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox...

Affected Products : firefox firefox_esr thunderbird debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %9.00

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2021-22931

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (...

Affected Products : active_iq_unified_manager peoplesoft_enterprise_peopletools oncommand_insight oncommand_workflow_automation snapcenter sinec_infrastructure_network_services node.js graalvm mysql_cluster nextgen_api
EPSS Score: %0.74

Published: Aug. 16, 2021

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7857

FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c....

Affected Products : freetype
EPSS Score: %2.55

Published: Apr. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2023-27396

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS proto...

Affected Products : cp1l-el20dr-d_firmware cj2m-cpu35_firmware cj2m-cpu34_firmware cj2m-cpu33_firmware cj2m-cpu32_firmware cj2m-cpu31_firmware cj2h-cpu68-eip_firmware cj2h-cpu67-eip_firmware cj2h-cpu66-eip_firmware cj2h-cpu65-eip_firmware +532 more products
EPSS Score: %1.54

Published: Jun. 19, 2023

Modified: Dec. 24, 2024
9.8

CRITICAL

CVE-2022-1286

heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited....

Affected Products : mruby
EPSS Score: %0.58

Published: Apr. 10, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2023-25770

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. ...

Affected Products : c300_firmware c300
EPSS Score: %0.05

Published: Jul. 13, 2023

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2014-3624

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT....

Affected Products : traffic_server
EPSS Score: %0.44

Published: Oct. 30, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2024-39950

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization....

Affected Products : nvr4416-16p-4ks2\/i_firmware nvr4416-4ks2\/i_firmware nvr4432-16p-4ks2\/i_firmware nvr4432-4ks2\/i_firmware nvr4816-16p-4ks2\/i_firmware nvr4816-4ks2\/i_firmware nvr4832-16p-4ks2\/i_firmware nvr4832-4ks2\/i_firmware nvr4104-4ks2\/l_firmware nvr4104-4ks2\/l +106 more products
Published: Jul. 31, 2024

Modified: Aug. 19, 2024
9.8

CRITICAL

CVE-2022-37885

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successfu...

Affected Products : arubaos instant scalance_w1750d_firmware scalance_w1750d
EPSS Score: %1.30

Published: Oct. 07, 2022

Modified: Nov. 21, 2024

Showing 20 of 291867 Results

1
...
1498
1499
1500
1501
1502
1503
1504
...
14594

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable