Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-37288

    A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en... Read more

    Affected Products : kibana
    • Published: Sep. 09, 2024
    • Modified: Sep. 16, 2024

  • 9.9

    CRITICAL
    CVE-2015-7926

    eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.... Read more

    Affected Products : ewon_firmware
    • Published: Dec. 23, 2015
    • Modified: Apr. 12, 2025

  • 9.9

    CRITICAL
    CVE-2015-5951

    A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.... Read more

    Affected Products : fatca
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-6103

    An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execu... Read more

    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-6101

    An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code executi... Read more

    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-6081

    An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to... Read more

    Affected Products : runtime
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-10352

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerabilit... Read more

    Affected Products : weblogic_server
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2024-34762

    Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Adv... Read more

    Affected Products :
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-34411

    Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through 2.5.0. ... Read more

    Affected Products : canvasio3d_light
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2015-2079

    Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.... Read more

    Affected Products : usermin usermin
    • Published: Apr. 28, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2024-32514

    Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.4. ... Read more

    Affected Products : wp_poll_maker
    • Published: Apr. 17, 2024
    • Modified: Jun. 09, 2025

  • 9.9

    CRITICAL
    CVE-2019-5153

    An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in re... Read more

    Affected Products : mxview awk-3131a_firmware awk-3131a
    • Published: Feb. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-35762

    Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. ... Read more

    Affected Products : me_rtu_firmware me_rtu
    • Published: Nov. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31997

    XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user'... Read more

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 09, 2025

  • 9.9

    CRITICAL
    CVE-2020-15049

    An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+... Read more

    Affected Products : fedora squid
    • Published: Jun. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-31390

    : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2. ... Read more

    Affected Products : breakdance
    • Published: Apr. 03, 2024
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-4077

    In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIs... Read more

    Affected Products : electron
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-9463

    An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API ... Read more

    • Actively Exploited
    • Published: Oct. 09, 2024
    • Modified: Nov. 15, 2024

  • 9.9

    CRITICAL
    CVE-2022-43402

    A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including ... Read more

    Affected Products : pipeline\
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-2083

    A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypas... Read more

    Affected Products : zenml
    • Published: Apr. 16, 2024
    • Modified: May. 12, 2025
Showing 20 of 292801 Results