Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2022-27626

    A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary comma... Read more

    • Published: Oct. 20, 2022
    • Modified: Jan. 14, 2025

  • 10.0

    HIGH
    CVE-2022-25163

    Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi El... Read more

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11767

    ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".... Read more

    Affected Products : chakracore
    • Published: Nov. 02, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2022-20705

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11467

    OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : orientdb
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-11308

    Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in th... Read more

    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11307

    Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution ... Read more

    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11302

    An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : indesign
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-11291

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.... Read more

    Affected Products : connect
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-11253

    Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution ... Read more

    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11240

    Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution ... Read more

    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-43242

    Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6.... Read more

    Affected Products : ultimate_membership_pro
    • Published: Aug. 19, 2024
    • Modified: Sep. 06, 2024

  • 10.0

    HIGH
    CVE-2017-11351

    Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.... Read more

    Affected Products : mu553s_firmware mu553s
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2024-43243

    Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2.6.... Read more

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2017-11293

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Su... Read more

    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-11274

    Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : digital_editions
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2021-37535

    SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.... Read more

    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-35211

    Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarW... Read more

    Affected Products : serv-u
    • Actively Exploited
    • Published: Jul. 14, 2021
    • Modified: Mar. 12, 2025

  • 10.0

    HIGH
    CVE-2017-11011

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API.... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-11006

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.... Read more

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292795 Results