Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-8114

    GitLab EE 8.9 and later through 12.7.2 has Insecure Permission...

    Affected Products : gitlab
    • EPSS Score: %0.18
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-29862

    An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters....

    • EPSS Score: %1.97
    • Published: May. 15, 2023
    • Modified: Jan. 23, 2025
  • 9.8

    CRITICAL
    CVE-2023-29631

    PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php....

    Affected Products : jms_slider
    • EPSS Score: %0.14
    • Published: Jun. 05, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2023-29711

    An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, which allows attackers to execute arbitrary code via a crafted GET request....

    Affected Products : psg-5124_firmware psg-5124
    • EPSS Score: %0.23
    • Published: Jun. 22, 2023
    • Modified: Dec. 12, 2024
  • 9.8

    CRITICAL
    CVE-2020-7458

    In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrar...

    Affected Products : freebsd
    • EPSS Score: %1.57
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-29721

    SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution....

    Affected Products : sofawiki
    • EPSS Score: %0.22
    • Published: May. 24, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2023-29542

    A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firef...

    Affected Products : firefox firefox_esr thunderbird windows
    • EPSS Score: %0.12
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024
  • 9.8

    CRITICAL
    CVE-2020-6008

    LifterLMS WordPress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution...

    Affected Products : lifterlms
    • EPSS Score: %7.55
    • Published: Mar. 31, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-29531

    An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulne...

    Affected Products : firefox firefox_esr thunderbird macos
    • EPSS Score: %0.95
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024
  • 9.8

    CRITICAL
    CVE-2023-29492

    Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data....

    Affected Products : novi_survey novi_survey
    • Actively Exploited
    • EPSS Score: %25.53
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-29485

    An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, which allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention ...

    Affected Products : macos thor windows
    • EPSS Score: %0.06
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-29473

    webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710...

    • EPSS Score: %0.45
    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025
  • 9.8

    CRITICAL
    CVE-2023-29474

    inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552....

    • EPSS Score: %0.54
    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025
  • 9.8

    CRITICAL
    CVE-2023-41591

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts....

    Affected Products : onos
    • Published: May. 29, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2023-29453

    Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal...

    Affected Products : zabbix zabbix-agent2
    • EPSS Score: %0.43
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-29432

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. ...

    Affected Products : houzez
    • EPSS Score: %0.15
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-29405

    The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#...

    Affected Products : fedora go
    • EPSS Score: %0.33
    • Published: Jun. 08, 2023
    • Modified: Jan. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-29382

    An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component....

    Affected Products : collaboration
    • EPSS Score: %0.56
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-3850

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution....

    Affected Products : macos mac_os_x
    • EPSS Score: %1.18
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-3848

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution....

    Affected Products : macos mac_os_x
    • EPSS Score: %0.86
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292735 Results