Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2023-3043

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability... Read more

    Affected Products : megarac_sp-x megarac_spx
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-39655

    A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, le... Read more

    Affected Products : couchauth
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.6

    CRITICAL
    CVE-2018-7360

    All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.... Read more

    Affected Products : zxhn_f670_firmware zxhn_f670
    • Published: Nov. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-6152

    The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potential... Read more

    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-6127

    Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-39007

    /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.... Read more

    Affected Products : opnsense
    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-3694

    LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.... Read more

    Affected Products : debian_linux ledgersmb
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-29823

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... Read more

    Affected Products : endpoint_manager
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-28074

    It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.... Read more

    Affected Products : access_rights_manager
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-36735

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 15, 2023
    • Modified: Jan. 01, 2025

  • 9.6

    CRITICAL
    CVE-2024-23475

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.... Read more

    Affected Products : access_rights_manager
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-23471

    The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. ... Read more

    Affected Products : access_rights_manager
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2024-23467

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.... Read more

    Affected Products : access_rights_manager
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-42498

    Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script ... Read more

    • Published: Feb. 21, 2024
    • Modified: Jan. 28, 2025

  • 9.6

    CRITICAL
    CVE-2023-39336

    An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under speci... Read more

    Affected Products : endpoint_manager
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 9.6

    CRITICAL
    CVE-2018-3892

    An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traf... Read more

    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2023-33150

    Microsoft Office Security Feature Bypass Vulnerability... Read more

    • Published: Jul. 11, 2023
    • Modified: Feb. 28, 2025

  • 9.6

    CRITICAL
    CVE-2023-27905

    Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hostin... Read more

    Affected Products : update-center2
    • Published: Mar. 10, 2023
    • Modified: Feb. 28, 2025

  • 9.6

    CRITICAL
    CVE-2023-27500

    An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailab... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Mar. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-3679

    Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.... Read more

    Affected Products : data_center_manager
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292876 Results