Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-35305

    Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777....

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Sep. 16, 2025
  • 9.8

    CRITICAL
    CVE-2022-24300

    Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection....

    Affected Products : debian_linux minetest
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-24065

    The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flag...

    Affected Products : fedora cookiecutter
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-23901

    A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc....

    Affected Products : re2c
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-23131

    In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to ...

    Affected Products : zabbix frontend
    • Actively Exploited
    • Published: Jan. 13, 2022
    • Modified: Mar. 12, 2025
  • 9.8

    CRITICAL
    CVE-2022-23086

    Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with acc...

    Affected Products : freebsd
    • Published: Feb. 15, 2024
    • Modified: Dec. 09, 2024
  • 9.8

    CRITICAL
    CVE-2022-22956

    VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the au...

    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2005-0199

    Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculat...

    Affected Products : ngircd
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-22630

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution...

    Affected Products : macos mac_os_x
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32697

    SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. ...

    Affected Products : sqlite_jdbc
    • Published: May. 23, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32692

    CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model va...

    Affected Products : codeigniter
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32674

    Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow....

    Affected Products : pc_hardware_diagnostics
    • Published: Jun. 12, 2023
    • Modified: Jan. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-32571

    Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed....

    Affected Products : linq
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32560

    An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1....

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Mar. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-32564

    An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution....

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32562

    An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. Fixed in version 6.4.1....

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Mar. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-32569

    An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have...

    Affected Products : infoscale_operations_manager
    • Published: May. 10, 2023
    • Modified: Jan. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-32563

    An unauthenticated attacker could achieve code execution through a RemoteControl server....

    Affected Products : avalanche
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32557

    A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges....

    Affected Products : windows apex_one
    • Published: Jun. 26, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-32540

    In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file exte...

    Affected Products : webaccess/scada
    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294421 Results