Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2003-0545

    Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.... Read more

    Affected Products : openssl
    • EPSS Score: %71.74
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2013-2325

    Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633.... Read more

    Affected Products : storage_data_protector
    • EPSS Score: %53.18
    • Published: Jun. 06, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-3331

    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.... Read more

    • EPSS Score: %2.03
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-3335

    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.... Read more

    • EPSS Score: %4.00
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-3341

    Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-20... Read more

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %18.88
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-3120

    Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.... Read more

    Affected Products : chrome
    • EPSS Score: %0.77
    • Published: Aug. 24, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1973

    Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers ... Read more

    • EPSS Score: %4.25
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-2935

    costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.... Read more

    Affected Products : caldera
    • EPSS Score: %1.53
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-1679

    Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitr... Read more

    • EPSS Score: %2.17
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2005-3764

    The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML.... Read more

    Affected Products : exponent
    • EPSS Score: %0.40
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-18502

    Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vu... Read more

    Affected Products : firefox ubuntu_linux
    • EPSS Score: %5.24
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-17118

    Microsoft SharePoint Remote Code Execution Vulnerability... Read more

    • EPSS Score: %11.17
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0444

    Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RA... Read more

    Affected Products : wireshark
    • EPSS Score: %6.12
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-3347

    Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute ar... Read more

    • EPSS Score: %9.99
    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2025-20281

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln... Read more

    • Actively Exploited
    • Published: Jun. 25, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2022-28349

    Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.... Read more

    • EPSS Score: %0.38
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-30012

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this mal... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-20337

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln... Read more

    • Actively Exploited
    • Published: Jul. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2024-47875

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.... Read more

    Affected Products : dompurify
    • Published: Oct. 11, 2024
    • Modified: Oct. 15, 2024

  • 10.0

    CRITICAL
    CVE-2024-4040

    A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain admini... Read more

    Affected Products : crushftp
    • Actively Exploited
    • Published: Apr. 22, 2024
    • Modified: Jan. 27, 2025
Showing 20 of 291541 Results