Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2020-12641

    rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.... Read more

    Affected Products : leap webmail backports_sle
    • Actively Exploited
    • EPSS Score: %93.07
    • Published: May. 04, 2020
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-20733

    A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security ... Read more

    Affected Products : identity_services_engine
    • EPSS Score: %0.52
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1276

    Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.... Read more

    Affected Products : mruby
    • EPSS Score: %0.80
    • Published: Apr. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1212

    Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.... Read more

    Affected Products : mruby
    • EPSS Score: %0.32
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1162

    A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts... Read more

    Affected Products : gitlab
    • EPSS Score: %89.09
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0675

    In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe ... Read more

    Affected Products : firewall
    • EPSS Score: %0.28
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0540

    A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.2... Read more

    • EPSS Score: %91.59
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0239

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference... Read more

    Affected Products : corenlp
    • EPSS Score: %0.04
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45954

    Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.... Read more

    Affected Products : dnsmasq
    • EPSS Score: %0.05
    • Published: Jan. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45953

    Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.... Read more

    Affected Products : dnsmasq
    • EPSS Score: %0.05
    • Published: Jan. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45952

    Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.... Read more

    Affected Products : dnsmasq
    • EPSS Score: %0.05
    • Published: Jan. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45951

    Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to t... Read more

    Affected Products : dnsmasq
    • EPSS Score: %0.05
    • Published: Jan. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44847

    A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the proc... Read more

    Affected Products : fedora toxcore
    • EPSS Score: %2.23
    • Published: Dec. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-44676

    Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.... Read more

    Affected Products : manageengine_access_manager_plus
    • EPSS Score: %6.94
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-11729

    An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.... Read more

    • EPSS Score: %0.47
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-11651

    An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can ... Read more

    • Actively Exploited
    • EPSS Score: %94.39
    • Published: Apr. 30, 2020
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-44143

    A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which... Read more

    Affected Products : fedora debian_linux isync
    • EPSS Score: %8.81
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-43214

    Web Media Extensions Remote Code Execution Vulnerability... Read more

    Affected Products : raw_image_extension
    • EPSS Score: %0.91
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42949

    The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.... Read more

    Affected Products : hoteldruid
    • EPSS Score: %37.38
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-18861

    Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.... Read more

    Affected Products : pcman_ftp_server
    • EPSS Score: %2.58
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292016 Results