Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-8257

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks... Read more

    Affected Products : gateway_plug-in
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29809

    SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.... Read more

    Affected Products : companymaps
    • Published: May. 12, 2023
    • Modified: Jan. 24, 2025

  • 9.8

    CRITICAL
    CVE-2023-29746

    An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.... Read more

    Affected Products : the_thaiger
    • Published: Jun. 02, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2020-8114

    GitLab EE 8.9 and later through 12.7.2 has Insecure Permission... Read more

    Affected Products : gitlab
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29862

    An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.... Read more

    • Published: May. 15, 2023
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-29631

    PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.... Read more

    Affected Products : jms_slider
    • Published: Jun. 05, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-29711

    An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.... Read more

    Affected Products : psg-5124_firmware psg-5124
    • Published: Jun. 22, 2023
    • Modified: Dec. 12, 2024

  • 9.8

    CRITICAL
    CVE-2020-7458

    In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrar... Read more

    Affected Products : freebsd
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29721

    SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.... Read more

    Affected Products : sofawiki
    • Published: May. 24, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-29542

    A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firef... Read more

    Affected Products : firefox firefox_esr thunderbird windows
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2020-6008

    LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution... Read more

    Affected Products : lifterlms
    • Published: Mar. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29531

    An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulne... Read more

    Affected Products : firefox firefox_esr thunderbird macos
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 9.8

    CRITICAL
    CVE-2023-29492

    Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.... Read more

    Affected Products : novi_survey novi_survey
    • Actively Exploited
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29485

    An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention ... Read more

    Affected Products : macos thor windows
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29473

    webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710... Read more

    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-29474

    inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552.... Read more

    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-41591

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.... Read more

    Affected Products : onos
    • Published: May. 29, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-29453

    Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal... Read more

    Affected Products : zabbix zabbix-agent2
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29432

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. ... Read more

    Affected Products : houzez
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-29405

    The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#... Read more

    Affected Products : fedora go
    • Published: Jun. 08, 2023
    • Modified: Jan. 06, 2025
Showing 20 of 292795 Results