Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-2746

    The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (... Read more

    Affected Products : enhanced_him
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-2478

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitL... Read more

    Affected Products : gitlab
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 9.6

    CRITICAL
    CVE-2023-2318

    DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text fro... Read more

    Affected Products : linux_kernel macos windows marktext
    • Published: Aug. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-41724

    A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. ... Read more

    Affected Products : standalone_sentry
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-5759

    Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    • Published: Feb. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-29119

    Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.... Read more

    Affected Products : waybox_pro_firmware waybox_pro
    • Published: Nov. 05, 2024
    • Modified: Nov. 08, 2024

  • 9.6

    CRITICAL
    CVE-2020-28589

    An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to... Read more

    Affected Products : tinyobjloader
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-28727

    Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.... Read more

    Affected Products : aiseg2_firmware aiseg2
    • Published: Mar. 31, 2023
    • Modified: Feb. 12, 2025

  • 9.6

    CRITICAL
    CVE-2023-28347

    An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulner... Read more

    Affected Products : windows insight
    • Published: May. 31, 2023
    • Modified: Jan. 13, 2025

  • 9.6

    CRITICAL
    CVE-2023-27898

    Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting ... Read more

    Affected Products : jenkins
    • Published: Mar. 10, 2023
    • Modified: Feb. 28, 2025

  • 9.6

    CRITICAL
    CVE-2023-27501

    SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-27269

    SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available se... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-25168

    Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to u... Read more

    Affected Products : wings
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-21247

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` que... Read more

    Affected Products : onedev
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-24492

    A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. ... Read more

    Affected Products : ubuntu_linux secure_access_client
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-7519

    Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunde... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.6

    CRITICAL
    CVE-2017-12372

    A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a use... Read more

    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.6

    CRITICAL
    CVE-2016-7277

    Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."... Read more

    Affected Products : office
    • Published: Dec. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.6

    CRITICAL
    CVE-2018-18864

    Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.... Read more

    Affected Products : enterprise_va_max
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-17462

    Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292764 Results