Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2024-0402

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a wo...

    Affected Products : gitlab
    • EPSS Score: %39.31
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-43546

    A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V...

    • EPSS Score: %1.62
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-43405

    A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the ...

    Affected Products : groovy_libraries
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-28181

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, den...

    • EPSS Score: %0.89
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-6100

    An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger thi...

    • EPSS Score: %0.42
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-1112

    An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'....

    • EPSS Score: %1.36
    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2025-20286

    A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited admini...

    Affected Products : identity_services_engine
    • Published: Jun. 04, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2024-6327

    In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability....

    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-22116

    An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, th...

    Affected Products : zabbix
    • Published: Aug. 12, 2024
    • Modified: Dec. 04, 2024
  • 9.9

    CRITICAL
    CVE-2023-48365

    Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing ...

    Affected Products : qlik_sense
    • Actively Exploited
    • EPSS Score: %68.54
    • Published: Nov. 15, 2023
    • Modified: Mar. 13, 2025
  • 9.9

    CRITICAL
    CVE-2023-22946

    In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-...

    Affected Products : spark
    • EPSS Score: %0.18
    • Published: Apr. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-41272

    An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services...

    Affected Products : netweaver_process_integration
    • EPSS Score: %0.47
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-2884

    A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

    Affected Products : gitlab
    • EPSS Score: %80.03
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025
  • 9.9

    CRITICAL
    CVE-2021-1411

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive informa...

    Affected Products : jabber
    • EPSS Score: %0.48
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-3495

    A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially cra...

    Affected Products : jabber
    • EPSS Score: %10.74
    • Published: Sep. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-2587

    Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker wi...

    Affected Products : human_resources
    • EPSS Score: %1.98
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    • EPSS Score: %2.98
    • Published: Dec. 10, 2020
    • Modified: Aug. 28, 2025
  • 9.9

    CRITICAL
    CVE-2020-1210

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the S...

    • EPSS Score: %0.96
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2019-4013

    IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887....

    Affected Products : bigfix_platform
    • EPSS Score: %13.13
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-42448

    From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine....

    Affected Products : veeam_service_provider_console
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024