Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-1999-0937

    BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.... Read more

    Affected Products :
    • EPSS Score: %2.01
    • Published: Dec. 03, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0853

    Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.... Read more

    Affected Products : enterprise_server fasttrack_server
    • EPSS Score: %0.93
    • Published: Dec. 01, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0452

    A service or application has a backdoor password that was placed there by the developer.... Read more

    Affected Products :
    • EPSS Score: %0.48
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0204

    Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.... Read more

    Affected Products : sendmail
    • EPSS Score: %6.71
    • Published: Jan. 01, 1997
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2025-20188

    A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to up... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2024-5991

    In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be N... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Sep. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-44146

    A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Sep. 17, 2024
    • Modified: Mar. 25, 2025

  • 10.0

    CRITICAL
    CVE-2024-38999

    jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products :
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-22515

    Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluenc... Read more

    • Actively Exploited
    • EPSS Score: %94.36
    • Published: Oct. 04, 2023
    • Modified: Feb. 09, 2025

  • 10.0

    HIGH
    CVE-2022-22954

    VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code executi... Read more

    • Actively Exploited
    • EPSS Score: %94.44
    • Published: Apr. 11, 2022
    • Modified: Mar. 12, 2025

  • 10.0

    CRITICAL
    CVE-2021-41556

    sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of ... Read more

    Affected Products : fedora squirrel
    • EPSS Score: %0.56
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-37716

    A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN S... Read more

    • EPSS Score: %1.58
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-3466

    A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulner... Read more

    Affected Products : enterprise_linux fedora libmicrohttpd
    • EPSS Score: %0.42
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-34473

    Microsoft Exchange Server Remote Code Execution Vulnerability... Read more

    Affected Products : exchange_server
    • Actively Exploited
    • EPSS Score: %94.24
    • Published: Jul. 14, 2021
    • Modified: Feb. 24, 2025

  • 10.0

    HIGH
    CVE-2021-32935

    The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation.... Read more

    Affected Products : in-sight_opc_server
    • EPSS Score: %0.32
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26897

    Windows DNS Server Remote Code Execution Vulnerability... Read more

    • EPSS Score: %10.79
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-23165

    A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.... Read more

    Affected Products : htmldoc
    • EPSS Score: %0.38
    • Published: Mar. 16, 2022
    • Modified: Feb. 05, 2025

  • 10.0

    HIGH
    CVE-2021-2394

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthentica... Read more

    Affected Products : weblogic_server
    • EPSS Score: %90.66
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-4415

    IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associat... Read more

    Affected Products : spectrum_protect
    • EPSS Score: %24.57
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-3742

    Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more

    • EPSS Score: %4.79
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results