Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2022-4924

    Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome
    • EPSS Score: %0.75
    • Published: Jul. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-15963

    Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.... Read more

    • EPSS Score: %1.51
    • Published: Sep. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-10087

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticate... Read more

    • EPSS Score: %0.42
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2022-22759

    If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulne... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.19
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.6

    CRITICAL
    CVE-2021-37981

    Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %1.62
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-26384

    If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vul... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.10
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.6

    CRITICAL
    CVE-2020-13292

    In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.09
    • Published: Aug. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-43523

    In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or i... Read more

    Affected Products : uclibc-ng uclibc
    • EPSS Score: %2.39
    • Published: Nov. 10, 2021
    • Modified: May. 05, 2025

  • 9.6

    CRITICAL
    CVE-2023-47797

    Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.... Read more

    Affected Products : liferay_portal
    • EPSS Score: %0.15
    • Published: Nov. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-36180

    Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.... Read more

    Affected Products : fusiondirectory
    • EPSS Score: %0.18
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.6

    CRITICAL
    CVE-2023-52138

    Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Ar... Read more

    Affected Products : engrampa
    • EPSS Score: %1.88
    • Published: Feb. 05, 2024
    • Modified: Feb. 13, 2025

  • 9.6

    CRITICAL
    CVE-2024-33006

    An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system.  ... Read more

    Affected Products : netweaver_application_server_abap
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-28231

    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS pr... Read more

    Affected Products : fast_dds
    • Published: Mar. 20, 2024
    • Modified: Jun. 30, 2025

  • 9.6

    CRITICAL
    CVE-2024-7024

    Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Sep. 23, 2024
    • Modified: Jan. 02, 2025

  • 9.6

    CRITICAL
    CVE-2021-28550

    Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitr... Read more

    • Actively Exploited
    • EPSS Score: %22.40
    • Published: Sep. 02, 2021
    • Modified: Feb. 13, 2025

  • 9.6

    CRITICAL
    CVE-2024-23477

    The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. ... Read more

    Affected Products : access_rights_manager
    • EPSS Score: %1.41
    • Published: Feb. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-1309

    Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.78
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2016-0003

    Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."... Read more

    Affected Products : edge
    • EPSS Score: %8.22
    • Published: Jan. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2024-22093

    When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary.  Note: Software vers... Read more

    • EPSS Score: %0.38
    • Published: Feb. 14, 2024
    • Modified: Jan. 23, 2025

  • 9.6

    CRITICAL
    CVE-2017-1002101

    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside o... Read more

    Affected Products : kubernetes
    • EPSS Score: %33.57
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291316 Results