Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2018-6221

    An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.... Read more

    Affected Products : email_encryption_gateway
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-39222

    Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running... Read more

    Affected Products : dex
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-41559

    The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vuln... Read more

    Affected Products : nimbus
    • Published: Dec. 06, 2022
    • Modified: Apr. 22, 2025

  • 9.3

    CRITICAL
    CVE-2022-34380

    Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the Cl... Read more

    Affected Products : cloudlink
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-5210

    Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in scri... Read more

    Affected Products : phpblock
    • Published: Nov. 24, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-0499

    Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valit... Read more

    Affected Products : videospirit_lite videospirit_pro
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2022-31572

    The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : cockybook
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-43409

    The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the applica... Read more

    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-43844

    MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user inter... Read more

    Affected Products : msedgeredirect
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-36949

    In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.... Read more

    Affected Products : netbackup
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-41171

    A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to s... Read more

    Affected Products : sinumerik_one_firmware
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 9.3

    HIGH
    CVE-2008-6959

    Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-16... Read more

    Affected Products : chilkat_socket
    • Published: Aug. 12, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2014-0514

    The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.... Read more

    Affected Products : acrobat_reader adobe_reader
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6760

    An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to ... Read more

    Affected Products : android linux_kernel
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2024-21807

    Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 9.3

    CRITICAL
    CVE-2024-25293

    mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.... Read more

    Affected Products : mjml mjml_app
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025

  • 9.3

    CRITICAL
    CVE-2022-33269

    Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.... Read more

    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-52959

    A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 9.3

    CRITICAL
    CVE-2024-55949

    MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue ... Read more

    Affected Products : minio
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    HIGH
    CVE-2011-2654

    The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partia... Read more

    Affected Products : cloud_manager
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292803 Results