Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-36845

    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an ... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +82 more products
    • Actively Exploited
    • Published: Aug. 17, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2024-29849

    Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: May. 22, 2024
    • Modified: Jul. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-28986

    SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability... Read more

    Affected Products : web_help_desk
    • Actively Exploited
    • Published: Aug. 13, 2024
    • Modified: Aug. 16, 2024

  • 9.8

    CRITICAL
    CVE-2025-47981

    Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jul. 08, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-28000

    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.... Read more

    Affected Products : litespeed_cache
    • Published: Aug. 21, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-27903

    OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.... Read more

    Affected Products : openvpn sinema_remote_connect
    • Published: Jul. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-58372

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folde... Read more

    Affected Products : roo_code
    • Published: Sep. 05, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-7101

    A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code in... Read more

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-27099

    The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae49... Read more

    Affected Products : azure_uamqp uamqp
    • Published: Feb. 27, 2024
    • Modified: Feb. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-36765

    Microsoft Office Elevation of Privilege Vulnerability... Read more

    Affected Products : office
    • Published: Sep. 12, 2023
    • Modified: Feb. 28, 2025

  • 9.8

    CRITICAL
    CVE-2018-8711

    A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input valida... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-8712

    An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, ... Read more

    Affected Products : webmin
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36758

    Visual Studio Elevation of Privilege Vulnerability... Read more

    Affected Products : visual_studio visual_studio_2022
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24996

    A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. ... Read more

    Affected Products : avalanche
    • Published: Apr. 19, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2025-58434

    Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` without authenticat... Read more

    Affected Products : flowise
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2021-20236

    A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerab... Read more

    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-24401

    SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 26, 2024
    • Modified: Jun. 27, 2025

  • 9.8

    CRITICAL
    CVE-2021-20001

    It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.... Read more

    Affected Products : debian_linux debian-edu-config
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-22061

    A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands ... Read more

    Affected Products : avalanche
    • Published: Apr. 19, 2024
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-21917

    A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP serv... Read more

    Affected Products : factorytalk_services_platform
    • Published: Jan. 31, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294270 Results