Latest CVE Feed

The following is a list of the latest published vulnerabilities. The list can be filtered by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. It can also be sorted by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2000-0947

    Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command....

    Affected Products : cfengine
    • EPSS Score: 0.92%
    • Published: Dec. 19, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0525

    OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon....

    Affected Products : openssh
    • EPSS Score: 0.90%
    • Published: Jun. 08, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0911

    Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories....

    Affected Products : proftpd
    • EPSS Score: 21.29%
    • Published: Aug. 27, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2015-4473

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via...

    • EPSS Score: 2.75%
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2021-40401

    A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a mali...

    Affected Products : fedora debian_linux gerbv
    • EPSS Score: 0.28%
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-40394

    An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code executi...

    Affected Products : debian_linux gerbv
    • EPSS Score: 0.56%
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-40391

    An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attack...

    Affected Products : fedora debian_linux gerbv
    • EPSS Score: 0.48%
    • Published: Nov. 19, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-4428

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler b...

    • EPSS Score: 13.60%
    • Published: Jul. 09, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2025-47812

    In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP serv...

    Affected Products : wing_ftp_server
    • Actively Exploited
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-34028

    The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Exe...

    Affected Products : linux_kernel windows commvault
    • Actively Exploited
    • Published: Apr. 22, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Path Traversal
  • 10.0

    HIGH
    CVE-2020-15421

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When...

    Affected Products : webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-31324

    SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the ...

    Affected Products : netweaver
    • Actively Exploited
    • Published: Apr. 24, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization
  • 10.0

    CRITICAL
    CVE-2025-27364

    In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server tha...

    Affected Products : caldera
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2025-20309

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root accoun...

    Affected Products : unified_communications_manager
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 10.0

    HIGH
    CVE-2021-30805

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privile...

    Affected Products : macos mac_os_x
    • EPSS Score: 1.62%
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-30793

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges....

    Affected Products : macos mac_os_x
    • EPSS Score: 1.62%
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-1999-0268

    MetaInfo MetaWeb web server allows users to upload, execute, and read scripts....

    Affected Products : metaweb
    • EPSS Score: 2.82%
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2024-45519

    The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands....

    • Actively Exploited
    • Published: Oct. 02, 2024
    • Modified: Feb. 25, 2025
  • 10.0

    CRITICAL
    CVE-2024-44148

    This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox....

    Affected Products : macos
    • Published: Sep. 17, 2024
    • Modified: Mar. 14, 2025
  • 10.0

    CRITICAL
    CVE-2024-44102

    A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with...

    Affected Products : telecontrol_server_basic
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024
Showing 20 of 291589 Results