Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-22782

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Succes... Read more

    Affected Products : arubaos instantos
    • EPSS Score: %0.88
    • Published: May. 08, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2023-22747

    There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitat... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %0.93
    • Published: Mar. 01, 2023
    • Modified: Mar. 11, 2025

  • 9.8

    CRITICAL
    CVE-2018-2368

    SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.... Read more

    • EPSS Score: %3.17
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-2402

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass inten... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.25
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-22741

    Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-fl... Read more

    Affected Products : sofia-sip
    • EPSS Score: %1.48
    • Published: Jan. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18210

    In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.34
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22727

    CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in... Read more

    Affected Products : cakephp
    • EPSS Score: %0.30
    • Published: Jan. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22752

    There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploit... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %2.19
    • Published: Mar. 01, 2023
    • Modified: Mar. 11, 2025

  • 9.8

    CRITICAL
    CVE-2023-28701

    ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.... Read more

    Affected Products : webfax
    • EPSS Score: %0.33
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22671

    Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.... Read more

    Affected Products : ghidra
    • EPSS Score: %3.61
    • Published: Jan. 06, 2023
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2017-16634

    In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.14
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15531

    Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.... Read more

    Affected Products : reporter
    • EPSS Score: %6.56
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7521

    Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2017-14138

    ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.32
    • Published: Sep. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14089

    An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.... Read more

    Affected Products : officescan
    • EPSS Score: %31.50
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2018-25105

    The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary file... Read more

    Affected Products : file_manager file_manager
    • Published: Oct. 16, 2024
    • Modified: Oct. 30, 2024

  • 9.8

    CRITICAL
    CVE-2018-25095

    The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the s... Read more

    Affected Products : duplicator
    • EPSS Score: %0.66
    • Published: Jan. 08, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-25016

    Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.... Read more

    • EPSS Score: %0.51
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-25025

    An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.... Read more

    Affected Products : actix-web
    • EPSS Score: %0.36
    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-25017

    RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.... Read more

    Affected Products : rawspeed
    • EPSS Score: %0.55
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292732 Results