Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2020-0367

    There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455... Read more

    Affected Products : android
    • EPSS Score: %0.16
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-10205

    Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue aff... Read more

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024

  • 9.4

    CRITICAL
    CVE-2024-21767

    A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request. ... Read more

    Affected Products :
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2025-4517

    Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract(... Read more

    Affected Products : python
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2025-54531

    In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2019-10919

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to prote... Read more

    Affected Products : logo\!8_bm_firmware logo\!8_bm
    • EPSS Score: %0.75
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2007-5856

    Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.29
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    CRITICAL
    CVE-2023-44373

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M8... Read more

    • EPSS Score: %0.62
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2016-3543

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.... Read more

    • EPSS Score: %1.22
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2006-6535

    The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %1.10
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    CRITICAL
    CVE-2025-52939

    Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2020-8768

    An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examini... Read more

    • EPSS Score: %0.36
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-6665

    On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder ... Read more

    • EPSS Score: %0.84
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-19108

    An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.... Read more

    • EPSS Score: %0.57
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2014-5414

    Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.... Read more

    Affected Products : twincat embedded_pc_images
    • EPSS Score: %0.88
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2013-3658

    Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.... Read more

    Affected Products : esxi esx
    • EPSS Score: %0.69
    • Published: Sep. 10, 2013
    • Modified: Apr. 11, 2025

  • 9.4

    HIGH
    CVE-2020-8470

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not re... Read more

    • EPSS Score: %1.12
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-6644

    Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if ... Read more

    • EPSS Score: %0.79
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-17638

    In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ... Read more

    Affected Products : jetty
    • EPSS Score: %27.65
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2017-10917

    Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.... Read more

    Affected Products : xen
    • EPSS Score: %0.84
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291274 Results