Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2017-10202

    Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with... Read more

    Affected Products : database
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2019-10758

    mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.... Read more

    Affected Products : mongo-express
    • Actively Exploited
    • Published: Dec. 24, 2019
    • Modified: Mar. 13, 2025

  • 9.9

    CRITICAL
    CVE-2019-10431

    A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.... Read more

    Affected Products : script_security
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2016-9603

    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user... Read more

    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-21465

    The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrust... Read more

    Affected Products : business_warehouse
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-21345

    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed... Read more

    • Published: Mar. 23, 2021
    • Modified: May. 23, 2025

  • 9.9

    CRITICAL
    CVE-2017-14445

    An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An ... Read more

    Affected Products : hub_firmware hub
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-1418

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive informa... Read more

    Affected Products : jabber
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-1417

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive informa... Read more

    Affected Products : jabber
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2025-23120

    A vulnerability allowing remote code execution (RCE) for domain users.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Mar. 20, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2022-43545

    A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V... Read more

    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-3105

    The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of... Read more

    Affected Products : woody_code_snippets
    • Published: Jun. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-39932

    Gogs through 0.13.0 allows argument injection during the previewing of changes.... Read more

    Affected Products : gogs
    • Published: Jul. 04, 2024
    • Modified: Apr. 10, 2025

  • 9.9

    CRITICAL
    CVE-2024-39943

    rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of sp... Read more

    Affected Products : http_file_server
    • Published: Jul. 04, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-39915

    Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF repo... Read more

    Affected Products : thruk
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-39930

    The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if ... Read more

    Affected Products : gogs
    • Published: Jul. 04, 2024
    • Modified: Apr. 11, 2025

  • 9.9

    CRITICAL
    CVE-2024-39327

    Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-38194

    An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.... Read more

    Affected Products : azure_web_apps
    • Published: Sep. 10, 2024
    • Modified: Sep. 17, 2024

  • 9.9

    CRITICAL
    CVE-2024-37906

    Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL ... Read more

    Affected Products : admidio
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-37901

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchS... Read more

    Affected Products : xwiki
    • Published: Jul. 31, 2024
    • Modified: Sep. 06, 2024
Showing 20 of 292802 Results