Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2023-25915

    Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system.... Read more

    Affected Products : ak-sm_800a_firmware ak-sm_800a
    • EPSS Score: %0.44
    • Published: Aug. 21, 2023
    • Modified: Jan. 17, 2025

  • 9.9

    CRITICAL
    CVE-2024-9463

    An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API ... Read more

    • Actively Exploited
    • Published: Oct. 09, 2024
    • Modified: Nov. 15, 2024

  • 9.9

    CRITICAL
    CVE-2022-43402

    A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including ... Read more

    Affected Products : pipeline\
    • EPSS Score: %0.07
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-2620

    Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this f... Read more

    • EPSS Score: %2.50
    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-27134

    Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive info... Read more

    Affected Products : jabber jabber_for_mobile_platforms
    • EPSS Score: %0.67
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2012-1516

    The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS v... Read more

    Affected Products : esxi esx
    • EPSS Score: %1.16
    • Published: May. 04, 2012
    • Modified: Apr. 11, 2025

  • 9.9

    CRITICAL
    CVE-2018-18809

    The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Editi... Read more

    • Actively Exploited
    • EPSS Score: %93.96
    • Published: Mar. 07, 2019
    • Modified: Feb. 12, 2025

  • 9.9

    CRITICAL
    CVE-2020-6103

    An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execu... Read more

    • EPSS Score: %0.93
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-1595

    <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint applica... Read more

    • EPSS Score: %0.83
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-9264

    The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vu... Read more

    Affected Products : grafana
    • Published: Oct. 18, 2024
    • Modified: Mar. 14, 2025

  • 9.9

    CRITICAL
    CVE-2022-43439

    A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V... Read more

    • EPSS Score: %0.93
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2025-22467

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.... Read more

    Affected Products : connect_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2025-25279

    Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a spec... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2017-2349

    A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Juno... Read more

    Affected Products : junos
    • EPSS Score: %3.10
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2019-16541

    Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.... Read more

    Affected Products : jira
    • EPSS Score: %0.48
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-1469

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive informa... Read more

    Affected Products : jabber
    • EPSS Score: %0.48
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-30120

    Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- Duri... Read more

    Affected Products : vsa
    • EPSS Score: %0.16
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-38450

    The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.... Read more

    • EPSS Score: %0.28
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2023-0022

    SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may... Read more

    • EPSS Score: %0.32
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2019-1365

    An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to ex... Read more

    • EPSS Score: %2.53
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291573 Results