Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2017-12368

    A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a use...

    • EPSS Score: %2.15
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2017-10111

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with ...

    • EPSS Score: %1.26
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2016-4734

    WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE...

    Affected Products : iphone_os tvos safari
    • EPSS Score: %8.40
    • Published: Sep. 25, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2016-3598

    Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610....

    Affected Products : jdk jre linux
    • EPSS Score: %10.14
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2024-4947

    Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • Published: May. 15, 2024
    • Modified: Nov. 27, 2024
  • 9.6

    CRITICAL
    CVE-2024-4558

    Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    • Published: May. 07, 2024
    • Modified: Dec. 20, 2024
  • 9.6

    CRITICAL
    CVE-2024-38824

    Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory....

    Affected Products : salt
    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal
  • 9.6

    CRITICAL
    CVE-2024-29827

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ...

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-12108

    In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API....

    Affected Products : windows whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025
  • 9.6

    CRITICAL
    CVE-2023-32725

    The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user....

    Affected Products : zabbix frontend zabbix_server
    • EPSS Score: %0.20
    • Published: Dec. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-32722

    The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open....

    Affected Products : zabbix
    • EPSS Score: %0.27
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-2136

    Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora debian_linux chrome edge_chromium
    • Actively Exploited
    • EPSS Score: %0.39
    • Published: Apr. 19, 2023
    • Modified: Feb. 19, 2025
  • 9.6

    CRITICAL
    CVE-2021-38002

    Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.83
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-21132

    Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension....

    Affected Products : chrome edge_chromium
    • EPSS Score: %15.76
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2019-10784

    phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker...

    Affected Products : phppgadmin
    • EPSS Score: %0.43
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2017-5053

    An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexO...

    • EPSS Score: %1.39
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2017-10086

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols...

    • EPSS Score: %1.46
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2016-3606

    Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot....

    Affected Products : jdk jre linux
    • EPSS Score: %2.99
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2023-41724

    A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. ...

    Affected Products : standalone_sentry
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2013-3486

    IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability...

    Affected Products : flashpix_plugin
    • EPSS Score: %0.85
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results