Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2000-0488

    Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.... Read more

    Affected Products : ithouse_mail_server
    • EPSS Score: %2.38
    • Published: May. 30, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0618

    The rexec service is running.... Read more

    Affected Products :
    • EPSS Score: %0.48
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2025-54253

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 13, 2025

  • 10.0

    CRITICAL
    CVE-2023-2825

    An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least... Read more

    Affected Products : gitlab
    • EPSS Score: %93.16
    • Published: May. 26, 2023
    • Modified: Jan. 15, 2025

  • 10.0

    HIGH
    CVE-2022-31800

    An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.... Read more

    • EPSS Score: %1.98
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-27625

    A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified ... Read more

    • EPSS Score: %1.46
    • Published: Oct. 20, 2022
    • Modified: Jan. 14, 2025

  • 10.0

    HIGH
    CVE-2022-24292

    Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.... Read more

    • EPSS Score: %8.52
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-2274

    The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will h... Read more

    • EPSS Score: %56.50
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44515

    Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise bu... Read more

    Affected Products : manageengine_desktop_central
    • Actively Exploited
    • EPSS Score: %94.31
    • Published: Dec. 12, 2021
    • Modified: Mar. 14, 2025

  • 10.0

    CRITICAL
    CVE-2021-4140

    It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.05
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 10.0

    CRITICAL
    CVE-2021-38503

    The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < ... Read more

    • EPSS Score: %1.39
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-33796

    In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. ... Read more

    Affected Products : mujs
    • EPSS Score: %0.08
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-33045

    The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.... Read more

    • Actively Exploited
    • EPSS Score: %94.12
    • Published: Sep. 15, 2021
    • Modified: Feb. 24, 2025

  • 10.0

    HIGH
    CVE-2021-32802

    Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user... Read more

    Affected Products : nextcloud_server notes
    • EPSS Score: %2.25
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-23281

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a speci... Read more

    Affected Products : intelligent_power_manager
    • EPSS Score: %0.58
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-22893

    Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform... Read more

    Affected Products : pulse_connect_secure connect_secure
    • Actively Exploited
    • EPSS Score: %93.51
    • Published: Apr. 23, 2021
    • Modified: Mar. 21, 2025

  • 10.0

    HIGH
    CVE-2021-1829

    A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • EPSS Score: %0.84
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1479

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about th... Read more

    • EPSS Score: %2.12
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8445

    In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitte... Read more

    Affected Products : ossec
    • EPSS Score: %0.99
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-7007

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.... Read more

    • EPSS Score: %0.41
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291015 Results