Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-44148

    This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Sep. 17, 2024
    • Modified: Mar. 14, 2025

  • 10.0

    HIGH
    CVE-2013-3356

    Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3353.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2005-3142

    Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary code via a CAB file with large records after the header.... Read more

    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-3116

    Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.... Read more

    Affected Products : netbackup
    • Published: Nov. 18, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-3068

    Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit."... Read more

    • Published: Sep. 27, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-3400

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute ... Read more

    Affected Products : pan-os prisma_access
    • Actively Exploited
    • Published: Apr. 12, 2024
    • Modified: Nov. 29, 2024

  • 10.0

    HIGH
    CVE-2021-21985

    The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit ... Read more

    Affected Products : vcenter_server cloud_foundation
    • Actively Exploited
    • Published: May. 26, 2021
    • Modified: Apr. 02, 2025

  • 10.0

    CRITICAL
    CVE-2018-4091

    An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2000-0109

    The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.... Read more

    Affected Products : multicsp
    • Published: Jan. 31, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-2389

    In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary s... Read more

    Affected Products : flowmon_os flowmon
    • Published: Apr. 02, 2024
    • Modified: Feb. 07, 2025

  • 10.0

    CRITICAL
    CVE-2024-23108

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 throu... Read more

    Affected Products : fortisiem
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-22476

    Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4996

    Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."... Read more

    Affected Products : joomlalib
    • Published: Sep. 26, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-1403

    In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on ... Read more

    Affected Products : openedge
    • Published: Feb. 27, 2024
    • Modified: Feb. 11, 2025

  • 10.0

    HIGH
    CVE-2005-2655

    lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.... Read more

    Affected Products : maildrop
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2018-4018

    An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An at... Read more

    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-2530

    Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."... Read more

    Affected Products : java
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2511

    Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2425

    Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.... Read more

    Affected Products : fileshare
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2149

    config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.... Read more

    Affected Products : cacti
    • Published: Jul. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results