Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-36953

    TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection....

    Affected Products : cp300\+_firmware cp300\+
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-36401

    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially craf...

    Affected Products : geoserver geotools geoserver
    • Actively Exploited
    • Published: Jul. 01, 2024
    • Modified: Aug. 25, 2025
  • 9.8

    CRITICAL
    CVE-2024-34502

    An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST requ...

    Affected Products : fedora mediawiki
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-34107

    Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and ...

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-33512

    There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management proto...

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-4105

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection....

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-21696

    Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted libra...

    Affected Products : jenkins
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-21694

    FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier....

    Affected Products : jenkins
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-3119

    A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents in...

    Affected Products : sngrep
    • Published: Apr. 10, 2024
    • Modified: Feb. 03, 2025
  • 9.8

    CRITICAL
    CVE-2021-36260

    A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands....

    • Actively Exploited
    • Published: Sep. 22, 2021
    • Modified: Apr. 02, 2025
  • 9.8

    CRITICAL
    CVE-2023-36845

    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an ...

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +82 more products
    • Actively Exploited
    • Published: Aug. 17, 2023
    • Modified: Feb. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-29849

    Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface....

    Affected Products : veeam_backup_\&_replication
    • Published: May. 22, 2024
    • Modified: Jul. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-28986

    SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability...

    Affected Products : web_help_desk
    • Actively Exploited
    • Published: Aug. 13, 2024
    • Modified: Aug. 16, 2024
  • 9.8

    CRITICAL
    CVE-2024-28000

    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1....

    Affected Products : litespeed_cache
    • Published: Aug. 21, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2024-27903

    OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service....

    Affected Products : openvpn sinema_remote_connect
    • Published: Jul. 08, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-27099

    The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae49...

    Affected Products : azure_uamqp uamqp
    • Published: Feb. 27, 2024
    • Modified: Feb. 14, 2025
  • 9.8

    CRITICAL
    CVE-2023-36765

    Microsoft Office Elevation of Privilege Vulnerability...

    Affected Products : office
    • Published: Sep. 12, 2023
    • Modified: Feb. 28, 2025
  • 9.8

    CRITICAL
    CVE-2018-8711

    A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input valida...

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-8712

    An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, ...

    Affected Products : webmin
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-36758

    Visual Studio Elevation of Privilege Vulnerability...

    Affected Products : visual_studio visual_studio_2022
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293617 Results