Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-27898

    Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting ... Read more

    Affected Products : jenkins
    • EPSS Score: %0.91
    • Published: Mar. 10, 2023
    • Modified: Feb. 28, 2025

  • 9.6

    CRITICAL
    CVE-2022-0977

    Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.51
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-0790

    Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.89
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-0452

    Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.32
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-43905

    Microsoft Office app Remote Code Execution Vulnerability... Read more

    Affected Products : office 365_copilot
    • EPSS Score: %0.77
    • Published: Dec. 15, 2021
    • Modified: Jun. 11, 2025

  • 9.6

    CRITICAL
    CVE-2021-23037

    On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the cont... Read more

    • EPSS Score: %1.18
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21201

    Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %1.06
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-16024

    Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.88
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-5870

    Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome
    • EPSS Score: %0.36
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-12368

    A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a use... Read more

    • EPSS Score: %2.15
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-10111

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with ... Read more

    • EPSS Score: %1.26
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2016-4734

    WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE... Read more

    Affected Products : iphone_os tvos safari
    • EPSS Score: %8.40
    • Published: Sep. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2016-3598

    Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.... Read more

    Affected Products : jdk jre linux
    • EPSS Score: %10.14
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2024-4947

    Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • Published: May. 15, 2024
    • Modified: Nov. 27, 2024

  • 9.6

    CRITICAL
    CVE-2024-4558

    Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: May. 07, 2024
    • Modified: Dec. 20, 2024

  • 9.6

    CRITICAL
    CVE-2024-38824

    Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.... Read more

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal

  • 9.6

    CRITICAL
    CVE-2024-29827

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... Read more

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-12108

    In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.... Read more

    Affected Products : windows whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025

  • 9.6

    CRITICAL
    CVE-2023-32725

    The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.... Read more

    Affected Products : zabbix frontend zabbix_server
    • EPSS Score: %0.20
    • Published: Dec. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-32722

    The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.... Read more

    Affected Products : zabbix
    • EPSS Score: %0.27
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results