Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2020-16016

    Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : chrome
    • EPSS Score: %0.39
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-16011

    Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

    • EPSS Score: %1.60
    • Published: Nov. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2020-15999

    Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

    • Actively Exploited
    • EPSS Score: %93.15
    • Published: Nov. 03, 2020
    • Modified: Feb. 05, 2025
  • 9.6

    CRITICAL
    CVE-2018-17472

    Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page....

    • EPSS Score: %0.90
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2022-0973

    Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.54
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2015-8789

    Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML d...

    Affected Products : libebml
    • EPSS Score: %0.38
    • Published: Jan. 29, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2021-38013

    Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page....

    • EPSS Score: %1.33
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-37973

    Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : fedora debian_linux chrome edge_chromium
    • Actively Exploited
    • EPSS Score: %19.20
    • Published: Oct. 08, 2021
    • Modified: Feb. 03, 2025
  • 9.6

    CRITICAL
    CVE-2021-3694

    LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure....

    Affected Products : debian_linux ledgersmb
    • EPSS Score: %0.62
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2025-42989

    RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application....

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
  • 9.6

    CRITICAL
    CVE-2021-3693

    LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure....

    Affected Products : debian_linux ledgersmb
    • EPSS Score: %1.76
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2025-3835

    Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module....

    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
  • 9.6

    CRITICAL
    CVE-2025-27203

    Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed....

    Affected Products : connect windows
    • Published: Jul. 08, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration
  • 9.6

    CRITICAL
    CVE-2021-30633

    Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • EPSS Score: %46.78
    • Published: Oct. 08, 2021
    • Modified: Feb. 19, 2025
  • 9.6

    CRITICAL
    CVE-2021-30571

    Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.24
    • Published: Aug. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-52308

    The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remot...

    Affected Products : cli
    • Published: Nov. 14, 2024
    • Modified: Nov. 20, 2024
  • 9.6

    CRITICAL
    CVE-2024-29826

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code....

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-29823

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ...

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-21142

    Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : fedora chrome macos
    • EPSS Score: %0.61
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2021-21115

    Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

    Affected Products : fedora debian_linux chrome
    • EPSS Score: %1.31
    • Published: Jan. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291269 Results