Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2025-54381

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to for... Read more

    Affected Products : bentoml
    • Published: Jul. 29, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.9

    CRITICAL
    CVE-2024-10960

    The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : brizy
    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2018-18810

    The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to crede... Read more

    • EPSS Score: %0.18
    • Published: Dec. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2009-3616

    Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfe... Read more

    • EPSS Score: %0.86
    • Published: Oct. 23, 2009
    • Modified: Apr. 09, 2025

  • 9.9

    CRITICAL
    CVE-2018-18556

    A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can... Read more

    Affected Products : vyos
    • EPSS Score: %69.79
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2024-2044

    pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code ex... Read more

    Affected Products : pgadmin
    • Published: Mar. 07, 2024
    • Modified: Feb. 13, 2025

  • 9.9

    CRITICAL
    CVE-2023-27586

    CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server... Read more

    Affected Products : cairosvg
    • EPSS Score: %0.07
    • Published: Mar. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-42369

    Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.... Read more

    Affected Products : imagicle_uc_suite
    • EPSS Score: %0.70
    • Published: Oct. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-43403

    A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass... Read more

    Affected Products : script_security
    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2025-5121

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-9014

    pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.... Read more

    Affected Products : pgadmin
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 9.9

    CRITICAL
    CVE-2022-41203

    In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, w... Read more

    • EPSS Score: %1.19
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-43401

    A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including... Read more

    Affected Products : script_security
    • EPSS Score: %0.13
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2017-4901

    The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or... Read more

    Affected Products : workstation fusion
    • EPSS Score: %20.90
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2022-2992

    A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.... Read more

    Affected Products : gitlab
    • EPSS Score: %93.59
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 9.9

    CRITICAL
    CVE-2022-2185

    A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project ... Read more

    Affected Products : gitlab
    • EPSS Score: %93.50
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-1680

    An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCI... Read more

    Affected Products : gitlab
    • EPSS Score: %10.77
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-3110

    A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privileg... Read more

    Affected Products : database database_server
    • EPSS Score: %0.80
    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2018-12892

    An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may... Read more

    Affected Products : debian_linux xen
    • EPSS Score: %3.03
    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2025-2945

    Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint... Read more

    Affected Products : pgadmin
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291615 Results