Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2021-21110

    Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %23.07
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-12371

    A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a use... Read more

    Affected Products : webex_meetings
    • EPSS Score: %2.15
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2016-5580

    Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services.... Read more

    Affected Products : secure_global_desktop
    • EPSS Score: %0.50
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2017-10089

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple p... Read more

    • EPSS Score: %0.36
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-10090

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attac... Read more

    • EPSS Score: %0.42
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2020-15781

    A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim ... Read more

    Affected Products : sicam_a8000_firmware sicam_a8000
    • EPSS Score: %0.50
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21107

    Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : linux_kernel fedora debian_linux chrome
    • EPSS Score: %1.31
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21124

    Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %9.40
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-16068

    Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    • EPSS Score: %1.66
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-41372

    A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 ... Read more

    Affected Products : power_bi_report_server
    • EPSS Score: %0.37
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-5521

    VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader ... Read more

    Affected Products : workstation esxi fusion
    • EPSS Score: %0.42
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-20254

    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected ... Read more

    • EPSS Score: %4.95
    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-26427

    Microsoft Exchange Server Remote Code Execution Vulnerability... Read more

    Affected Products : exchange_server
    • EPSS Score: %0.69
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-29822

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... Read more

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-4924

    Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome
    • EPSS Score: %0.75
    • Published: Jul. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-15963

    Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.... Read more

    • EPSS Score: %1.51
    • Published: Sep. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2017-10087

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticate... Read more

    • EPSS Score: %0.42
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2022-22759

    If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulne... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.19
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.6

    CRITICAL
    CVE-2021-37981

    Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %1.62
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-26384

    If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vul... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.10
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025
Showing 20 of 291541 Results