Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2017-10089

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple p... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-10090

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attac... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2014-1427

    A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-27107

    Weak account password in GE HealthCare EchoPAC products... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-27098

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been pa... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2024
    • Modified: Jan. 02, 2025

  • 9.6

    CRITICAL
    CVE-2020-15781

    A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim ... Read more

    Affected Products : sicam_a8000_firmware sicam_a8000
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-28149

    myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.... Read more

    Affected Products : mydbr
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21124

    Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-41372

    A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 ... Read more

    Affected Products : power_bi_report_server
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-20254

    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected ... Read more

    • Published: Feb. 07, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-26427

    Microsoft Exchange Server Remote Code Execution Vulnerability... Read more

    Affected Products : exchange_server
    • Published: Oct. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-26020

    An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.... Read more

    Affected Products : anki anki
    • Published: Jul. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-27224

    In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.... Read more

    Affected Products : theia
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26899

    Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before... Read more

    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26898

    NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.... Read more

    Affected Products : rax40_firmware rax40
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26906

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 b... Read more

    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26900

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 b... Read more

    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26831

    SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XM... Read more

    • Published: Dec. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-24593

    A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation o... Read more

    Affected Products : clearml
    • Published: Feb. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26299

    ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined roo... Read more

    Affected Products : ftp-srv
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293329 Results