Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2023-43654

    TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be take...

    Affected Products : torchserve
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-5655

    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers....

    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5656

    TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that contro...

    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2016-10174

    The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution....

    • Actively Exploited
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-35082

    An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced ear...

    Affected Products : endpoint_manager_mobile
    • Actively Exploited
    • Published: Aug. 15, 2023
    • Modified: Dec. 26, 2024
  • 10.0

    HIGH
    CVE-2019-15310

    An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 bu...

    Affected Products : linkplay
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10188

    utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions....

    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17006

    In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow...

    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-52218

    Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. ...

    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15260

    A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain UR...

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-52225

    Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. ...

    Affected Products : taggbox
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-5635

    Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors....

    Affected Products : support_incident_tracker
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-5151

    Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60....

    Affected Products : firefox ubuntu_linux
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-5617

    Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images....

    Affected Products : player workstation
    • Published: Oct. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5610

    The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument....

    Affected Products : instant_support
    • Published: Jun. 04, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-51505

    Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerc...

    Affected Products : woot
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51438

    A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with ma...

    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51411

    Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. ...

    Affected Products : frontend_admin
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-7779

    Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-11563

    D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker...

    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293494 Results