Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.6

    CRITICAL
    CVE-2023-24492

    A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.

    Affected Products : ubuntu_linux secure_access_client
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-7519

    Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunde...

    Affected Products : firefox firefox_esr thunderbird
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024
  • 9.6

    CRITICAL
    CVE-2017-12372

    A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a use...

    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.6

    CRITICAL
    CVE-2016-7277

    Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

    Affected Products : office
    • Published: Dec. 20, 2016
    • Modified: Apr. 12, 2025
  • 9.6

    CRITICAL
    CVE-2018-18864

    Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

    Affected Products : enterprise_va_max
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2018-17462

    Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2018-16068

    Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2018-15758

    Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attack...

    Affected Products : spring_security_oauth
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2018-15474

    CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a...

    Affected Products : dokuwiki
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2023-32680

    Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirem...

    Affected Products : metabase
    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2024-28739

    An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter.

    Affected Products : koha
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024
  • 9.6

    CRITICAL
    CVE-2018-11314

    The External Control API in Roku and Roku TV products allows unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

    Affected Products : roku_firmware roku
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.5

    CRITICAL
    CVE-2025-2516

    The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the upda...

    Affected Products : wps_office
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cryptography
  • 9.5

    CRITICAL
    CVE-2024-50388

    An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid B...

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 9.5

    CRITICAL
    CVE-2024-1243

    Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine accoun...

    Affected Products : wazuh
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration
  • 9.5

    CRITICAL
    CVE-2024-52329

    ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Misconfiguration
  • 9.5

    CRITICAL
    CVE-2024-50389

    A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later...

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 9.5

    CRITICAL
    CVE-2024-48860

    An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3...

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024
  • 9.5

    CRITICAL
    CVE-2025-4318

    The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code...

    Affected Products :
    • Published: May. 05, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.5

    CRITICAL
    CVE-2025-5333

    Remote attackers can execute arbitrary code in the context of the vulnerable service process.

    Affected Products :
    • Published: Jul. 06, 2025
    • Modified: Jul. 08, 2025
Showing 20 of 293329 Results