Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-38203

    Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require use...

    Affected Products: coldfusion
    • Actively Exploited
    • EPSS Score: 94.26%
    • Published: Jul. 20, 2023
    • Modified: Jan. 23, 2025
  • 9.8

    CRITICAL
    CVE-2023-38199

    coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and th...

    Affected Products: coreruleset sinec_nms
    • EPSS Score: 0.04%
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-38096

    NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication ...

    Affected Products: prosafe_network_management_system
    • Published: May. 03, 2024
    • Modified: Feb. 06, 2025
  • 9.8

    CRITICAL
    CVE-2023-38035

    A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configurat...

    Affected Products: mobileiron_sentry
    • Actively Exploited
    • EPSS Score: 94.44%
    • Published: Aug. 21, 2023
    • Modified: Dec. 20, 2024
  • 9.8

    CRITICAL
    CVE-2023-37679

    A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

    Affected Products: mirth_connect
    • EPSS Score: 93.69%
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-37582

    The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker ...

    Affected Products: rocketmq
    • EPSS Score: 88.38%
    • Published: Jul. 12, 2023
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2005-0102

    Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.

    • EPSS Score: 0.60%
    • Published: Jan. 24, 2005
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-36845

    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an ...

    Affected Products: junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +82 more products
    • Actively Exploited
    • EPSS Score: 94.36%
    • Published: Aug. 17, 2023
    • Modified: Feb. 13, 2025
  • 9.8

    CRITICAL
    CVE-2023-36765

    Microsoft Office Elevation of Privilege Vulnerability

    Affected Products: office
    • EPSS Score: 0.10%
    • Published: Sep. 12, 2023
    • Modified: Feb. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-36758

    Visual Studio Elevation of Privilege Vulnerability

    Affected Products: visual_studio visual_studio_2022
    • EPSS Score: 0.16%
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2004-2154

    CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

    Affected Products: cups ubuntu_linux ubuntu_linux
    • EPSS Score: 0.49%
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-36665

    protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding a...

    Affected Products: protobufjs
    • EPSS Score: 1.67%
    • Published: Jul. 05, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-36660

    The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.

    Affected Products: nettle
    • EPSS Score: 0.11%
    • Published: Jun. 25, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-36553

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4....

    Affected Products: fortisiem
    • EPSS Score: 1.82%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-36177

    An issue was discovered in badaix Snapcast version 0.27.0 that allows remote attackers to execute arbitrary code and gain sensitive information via a crafted request in JSON-RPC-API.

    Affected Products: snapcast
    • EPSS Score: 28.54%
    • Published: Jan. 23, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-3595

    Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP...

    • EPSS Score: 31.58%
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-35708

    In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthentica...

    Affected Products: moveit_transfer
    • EPSS Score: 16.90%
    • Published: Jun. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-34992

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute una...

    Affected Products: fortisiem
    • EPSS Score: 77.87%
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-34478

    Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Up...

    Affected Products: shiro
    • EPSS Score: 0.04%
    • Published: Jul. 24, 2023
    • Modified: Feb. 13, 2025
  • 9.8

    CRITICAL
    CVE-2023-34237

    SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privilege...

    Affected Products: sabnzbd
    • EPSS Score: 2.76%
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024