Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2021-28235

    Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

    Affected Products : etcd
    • EPSS Score: 0.44%
    • Published: Apr. 04, 2023
    • Modified: Feb. 18, 2025
  • 9.8

    CRITICAL
    CVE-2021-27023

    A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

    • EPSS Score: 0.26%
    • Published: Nov. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-25289

    An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for C...

    Affected Products : pillow
    • EPSS Score: 0.21%
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-25216

    In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulner...

    • EPSS Score: 24.72%
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2001-1125

    Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

    Affected Products : liveupdate
    • EPSS Score: 4.58%
    • Published: Oct. 05, 2001
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2020-6825

    Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: 0.70%
    • Published: Apr. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-5311

    libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

    Affected Products : ubuntu_linux fedora debian_linux pillow
    • EPSS Score: 1.21%
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-26376

    A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network r...

    • EPSS Score: 0.31%
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-36318

    In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

    Affected Products : rust
    • EPSS Score: 0.39%
    • Published: Apr. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-35527

    In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

    • EPSS Score: 0.17%
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-1999-0066

    AnyForm CGI remote execution.

    Affected Products : anyform
    • EPSS Score: 12.38%
    • Published: Jul. 31, 1995
    • Modified: Apr. 03, 2025
  • 9.7

    HIGH
    CVE-2019-5397

    A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

    • EPSS Score: 1.28%
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024
  • 9.7

    HIGH
    CVE-2014-5422

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.

    Affected Products : pyxis_supplystation
    • EPSS Score: 0.42%
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025
  • 9.7

    HIGH
    CVE-2020-35800

    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1....

    • EPSS Score: 1.25%
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.7

    HIGH
    CVE-2019-5399

    A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

    • EPSS Score: 0.65%
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024
  • 9.7

    HIGH
    CVE-2016-2297

    Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."

    • EPSS Score: 1.59%
    • Published: May. 14, 2016
    • Modified: Apr. 12, 2025
  • 9.7

    HIGH
    CVE-2019-5396

    A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

    • EPSS Score: 1.29%
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024
  • 9.7

    HIGH
    CVE-2014-2046

    cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePa...

    Affected Products : pipa_c211_web_interface pipa_c211
    • EPSS Score: 10.94%
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025
  • 9.7

    HIGH
    CVE-2015-8214

    A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), ...

    • EPSS Score: 1.35%
    • Published: Nov. 27, 2015
    • Modified: Apr. 12, 2025
  • 9.7

    HIGH
    CVE-2006-1866

    Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial co...

    Affected Products : database_server
    • EPSS Score: 5.18%
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025