Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2022-27513

    Remote desktop takeover via phishing ... Read more

    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-16045

    Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : android chrome
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-29827

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... Read more

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-29824

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.... Read more

    Affected Products : endpoint_manager
    • Actively Exploited
    • Published: May. 31, 2024
    • Modified: Nov. 29, 2024

  • 9.6

    CRITICAL
    CVE-2024-29825

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.... Read more

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-29822

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... Read more

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-29826

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.... Read more

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-36283

    HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a conf... Read more

    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2015-5211

    Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script ext... Read more

    Affected Products : debian_linux spring_framework
    • Published: May. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-12371

    A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a use... Read more

    Affected Products : webex_meetings
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2016-5580

    Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services.... Read more

    Affected Products : secure_global_desktop
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2017-10089

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple p... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2017-10090

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attac... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2014-1427

    A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-27107

    Weak account password in GE HealthCare EchoPAC products... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-27098

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been pa... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2024
    • Modified: Jan. 02, 2025

  • 9.6

    CRITICAL
    CVE-2020-15781

    A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim ... Read more

    Affected Products : sicam_a8000_firmware sicam_a8000
    • Published: Aug. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-28149

    myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.... Read more

    Affected Products : mydbr
    • Published: Mar. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21124

    Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-41372

    A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 ... Read more

    Affected Products : power_bi_report_server
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293344 Results