Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-0195

    Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp'... Read more

    Affected Products : tapestry
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-0192

    In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger r... Read more

    Affected Products : solr storage_automation_store
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9893

    Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Fi... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-8863

    Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by a... Read more

    Affected Products : debian_linux libupnp
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2019-0101

    Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access.... Read more

    Affected Products : unite
    • Published: Feb. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-7505

    A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition.... Read more

    Affected Products : mujs
    • Published: Oct. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-42461

    GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to ... Read more

    Affected Products : glpi
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42464

    A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the v... Read more

    Affected Products : debian_linux netatalk
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-42404

    OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.... Read more

    Affected Products : workspace
    • Published: Apr. 28, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-42320

    Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6912

    Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.... Read more

    Affected Products : libgd
    • Published: Jan. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-42277

    hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.... Read more

    Affected Products : hutool
    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6525

    Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.... Read more

    Affected Products : debian_linux mupdf
    • Published: Sep. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-42322

    Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.... Read more

    Affected Products : icms
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5770

    Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer a... Read more

    Affected Products : debian_linux leap php opensuse
    • Published: Aug. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5256

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox
    • Published: Sep. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-42115

    Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw ex... Read more

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 9.8

    CRITICAL
    CVE-2018-9848

    In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpe... Read more

    Affected Products : gxlcms_qy
    • Published: Apr. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5146

    Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more

    Affected Products : chrome
    • Published: Aug. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2018-9853

    Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.... Read more

    Affected Products : freesshd
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293592 Results