Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2023-32725

    The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.

    Affected Products : zabbix frontend zabbix_server
    • EPSS Score: %0.20
    • Published: Dec. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-32722

    The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

    Affected Products : zabbix
    • EPSS Score: %0.27
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-2136

    Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

    Affected Products : fedora debian_linux chrome edge_chromium
    • Actively Exploited
    • EPSS Score: %0.39
    • Published: Apr. 19, 2023
    • Modified: Feb. 19, 2025
  • 9.6

    CRITICAL
    CVE-2021-38002

    Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.83
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-21132

    Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

    Affected Products : chrome edge_chromium
    • EPSS Score: %15.76
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-10784

    phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker...

    Affected Products : phppgadmin
    • EPSS Score: %0.43
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2017-5053

    An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexO...

    • EPSS Score: %1.39
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2017-10086

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols...

    • EPSS Score: %1.46
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2016-3606

    Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

    Affected Products : jdk jre linux
    • EPSS Score: %2.99
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2023-41724

    A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

    Affected Products : standalone_sentry
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2013-3486

    IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability

    Affected Products : flashpix_plugin
    • EPSS Score: %0.85
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2025-53964

    GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration
  • 9.6

    CRITICAL
    CVE-2024-9369

    Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

    Affected Products : chrome edge_chromium
    • Published: Nov. 27, 2024
    • Modified: Jan. 02, 2025
  • 9.6

    CRITICAL
    CVE-2024-8980

    The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA t...

    • Published: Oct. 22, 2024
    • Modified: Dec. 10, 2024
  • 9.6

    CRITICAL
    CVE-2024-6107

    Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication
  • 9.6

    CRITICAL
    CVE-2024-5274

    Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • Published: May. 28, 2024
    • Modified: Nov. 27, 2024
  • 9.6

    CRITICAL
    CVE-2024-23466

    SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.

    Affected Products : access_rights_manager
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-35618

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

    Affected Products : edge_chromium
    • EPSS Score: %0.48
    • Published: Dec. 07, 2023
    • Modified: Jan. 01, 2025
  • 9.6

    CRITICAL
    CVE-2023-20192

    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write c...

    • EPSS Score: %0.21
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2022-0290

    Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

    Affected Products : chrome edge_chromium
    • EPSS Score: %1.01
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291293 Results