Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-12292

    A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.... Read more

    Affected Products : pale_moon
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-47732

    Microsoft Dataverse Remote Code Execution Vulnerability... Read more

    Affected Products : dataverse
    • Published: May. 08, 2025
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-44640

    Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).... Read more

    Affected Products : samba heimdal
    • Published: Dec. 25, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2018-12113

    Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.... Read more

    Affected Products : core_ftp
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12171

    Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.... Read more

    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12055

    Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.... Read more

    Affected Products : schools_alert_management_script
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12071

    A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.... Read more

    Affected Products : codeigniter
    • Published: Jun. 17, 2018
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2018-12052

    SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.... Read more

    Affected Products : schools_alert_management_script
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12064

    tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h.... Read more

    Affected Products : tinyexr
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12026

    During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could resul... Read more

    Affected Products : passenger phusion_passenger
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11955

    Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon... Read more

    • Published: Jun. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11945

    Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon In... Read more

    • Published: Feb. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11922

    Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.... Read more

    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-53763

    Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : office_purview_data_governance
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2018-11801

    SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.... Read more

    Affected Products : fineract
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11792

    In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which... Read more

    Affected Products : impala
    • Published: Oct. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11779

    In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.... Read more

    Affected Products : storm
    • Published: Jul. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11788

    Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mi... Read more

    Affected Products : karaf
    • Published: Jan. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-21311

    Windows NTLM V1 Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2018-11746

    In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Dis... Read more

    Affected Products : discovery
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293261 Results