Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2024-29202

    JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Cele... Read more

    Affected Products : jumpserver
    • Published: Mar. 29, 2024
    • Modified: Mar. 25, 2025

  • 9.9

    CRITICAL
    CVE-2020-27134

    Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive info... Read more

    Affected Products : jabber jabber_for_mobile_platforms
    • EPSS Score: %0.67
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2012-1516

    The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS v... Read more

    Affected Products : esxi esx
    • EPSS Score: %1.16
    • Published: May. 04, 2012
    • Modified: Apr. 11, 2025

  • 9.9

    CRITICAL
    CVE-2020-2586

    Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker wi... Read more

    Affected Products : human_resources
    • EPSS Score: %1.98
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-2587

    Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker wi... Read more

    Affected Products : human_resources
    • EPSS Score: %1.98
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-18809

    The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Editi... Read more

    • Actively Exploited
    • EPSS Score: %93.96
    • Published: Mar. 07, 2019
    • Modified: Feb. 12, 2025

  • 9.9

    CRITICAL
    CVE-2024-27956

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. ... Read more

    • Published: Mar. 21, 2024
    • Modified: Feb. 14, 2025

  • 9.9

    CRITICAL
    CVE-2024-27317

    In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerabi... Read more

    Affected Products : pulsar
    • Published: Mar. 12, 2024
    • Modified: Jan. 19, 2025

  • 9.9

    CRITICAL
    CVE-2024-27135

    Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also ap... Read more

    Affected Products : pulsar
    • Published: Mar. 12, 2024
    • Modified: Feb. 13, 2025

  • 9.9

    CRITICAL
    CVE-2024-9264

    The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vu... Read more

    Affected Products : grafana
    • Published: Oct. 18, 2024
    • Modified: Mar. 14, 2025

  • 9.9

    CRITICAL
    CVE-2022-43439

    A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V... Read more

    • EPSS Score: %0.99
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-27484

    Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ progr... Read more

    • EPSS Score: %0.93
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2025-22467

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.... Read more

    Affected Products : connect_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2020-27486

    Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ progra... Read more

    • EPSS Score: %0.56
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-27485

    Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ prog... Read more

    • EPSS Score: %1.09
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2025-25279

    Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a spec... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2024-25693

    There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. ... Read more

    Affected Products : linux_kernel windows portal_for_arcgis
    • Published: Apr. 04, 2024
    • Modified: Jan. 08, 2025

  • 9.9

    CRITICAL
    CVE-2024-25918

    Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8. ... Read more

    Affected Products : instawp_connect
    • Published: Apr. 03, 2024
    • Modified: Feb. 09, 2025

  • 9.9

    CRITICAL
    CVE-2020-27133

    Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive info... Read more

    Affected Products : jabber jabber_for_mobile_platforms
    • EPSS Score: %0.44
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2020-27132

    Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive info... Read more

    Affected Products : jabber jabber_for_mobile_platforms
    • EPSS Score: %0.43
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292761 Results