Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-34218

    In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible... Read more

    Affected Products : teamcity
    • EPSS Score: %0.00
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-34095

    cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()... Read more

    Affected Products : cpdb-libs
    • EPSS Score: %0.39
    • Published: Jun. 14, 2023
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-34051

    VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. ... Read more

    Affected Products : aria_operations_for_logs
    • EPSS Score: %45.45
    • Published: Oct. 20, 2023
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-34048

    vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.... Read more

    Affected Products : vcenter_server
    • Actively Exploited
    • EPSS Score: %93.04
    • Published: Oct. 25, 2023
    • Modified: Dec. 20, 2024

  • 9.8

    CRITICAL
    CVE-2023-33371

    Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.... Read more

    Affected Products : control_id_idsecure
    • EPSS Score: %0.05
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33299

    A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. No... Read more

    Affected Products : fortinac
    • EPSS Score: %9.99
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33010

    A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W... Read more

    • Actively Exploited
    • EPSS Score: %4.39
    • Published: May. 24, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-33009

    A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)... Read more

    • Actively Exploited
    • EPSS Score: %4.64
    • Published: May. 24, 2023
    • Modified: Jan. 27, 2025

  • 9.8

    CRITICAL
    CVE-2023-3265

    An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An u... Read more

    Affected Products : powerpanel_server
    • EPSS Score: %0.20
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32564

    An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.... Read more

    Affected Products : avalanche
    • EPSS Score: %27.34
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32562

    An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.... Read more

    Affected Products : avalanche
    • EPSS Score: %27.34
    • Published: Aug. 10, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-32419

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %1.53
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-9760

    An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.... Read more

    Affected Products : debian_linux weechat
    • EPSS Score: %1.05
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32321

    CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions... Read more

    Affected Products : ckan
    • EPSS Score: %2.73
    • Published: May. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-32169

    D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerabi... Read more

    Affected Products : d-view_8
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 9.8

    CRITICAL
    CVE-2023-32165

    D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this v... Read more

    Affected Products : d-view_8
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 9.8

    CRITICAL
    CVE-2020-9669

    Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation.... Read more

    • EPSS Score: %1.24
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5344

    Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other ... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.25
    • Published: Aug. 30, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2023-29075

    A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the contex... Read more

    • EPSS Score: %0.31
    • Published: Nov. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28862

    An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation a... Read more

    Affected Products : lemonldap\
    • EPSS Score: %0.04
    • Published: Mar. 31, 2023
    • Modified: Feb. 14, 2025
Showing 20 of 292275 Results