Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2025-0066

    Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, ...

    Affected Products : netweaver_application_server_abap
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Information Disclosure
  • 9.9

    CRITICAL
    CVE-2024-6678

    An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certai...

    Affected Products : gitlab
    • Published: Sep. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-45387

    An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially...

    Affected Products : traffic_control
    • Published: Dec. 23, 2024
    • Modified: Feb. 11, 2025
  • 9.9

    CRITICAL
    CVE-2021-28476

    Windows Hyper-V Remote Code Execution Vulnerability

    • EPSS Score: 63.20%
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-42327

    A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called fro...

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
  • 9.9

    CRITICAL
    CVE-2021-26424

    Windows TCP/IP Remote Code Execution Vulnerability

    • EPSS Score: 9.83%
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2024-39932

    Gogs through 0.13.0 allows argument injection during the previewing of changes.

    Affected Products : gogs
    • Published: Jul. 04, 2024
    • Modified: Apr. 10, 2025
  • 9.9

    CRITICAL
    CVE-2024-39931

    Gogs through 0.13.0 allows deletion of internal files.

    Affected Products : gogs
    • Published: Jul. 04, 2024
    • Modified: Apr. 10, 2025
  • 9.9

    CRITICAL
    CVE-2024-39930

    The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if ...

    Affected Products : gogs
    • Published: Jul. 04, 2024
    • Modified: Apr. 11, 2025
  • 9.9

    CRITICAL
    CVE-2024-37288

    A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en...

    Affected Products : kibana
    • Published: Sep. 09, 2024
    • Modified: Sep. 16, 2024
  • 9.9

    CRITICAL
    CVE-2021-21345

    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed...

    • EPSS Score: 85.31%
    • Published: Mar. 23, 2021
    • Modified: May. 23, 2025
  • 9.9

    CRITICAL
    CVE-2024-20329

    A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An ...

    • Published: Oct. 23, 2024
    • Modified: Aug. 01, 2025
  • 9.9

    CRITICAL
    CVE-2024-1800

    In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.

    • Published: Mar. 20, 2024
    • Modified: Jan. 16, 2025
  • 9.9

    CRITICAL
    CVE-2024-12828

    Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exist...

    Affected Products : webmin
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025
  • 9.9

    CRITICAL
    CVE-2023-41373

    A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to ...

    • EPSS Score: 2.64%
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-41265

    An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attac...

    Affected Products : qlik_sense
    • Actively Exploited
    • EPSS Score: 91.72%
    • Published: Aug. 29, 2023
    • Modified: Nov. 29, 2024
  • 9.9

    CRITICAL
    CVE-2023-38547

    A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configurati...

    Affected Products : one
    • EPSS Score: 10.76%
    • Published: Nov. 07, 2023
    • Modified: Mar. 06, 2025
  • 9.9

    CRITICAL
    CVE-2023-37271

    RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessi...

    Affected Products : restrictedpython
    • EPSS Score: 0.23%
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-34063

    Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

    Affected Products : cloud_foundation aria_automation
    • EPSS Score: 0.17%
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025
  • 9.9

    CRITICAL
    CVE-2023-31415

    Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary command...

    Affected Products : kibana
    • EPSS Score: 0.62%
    • Published: May. 04, 2023
    • Modified: Jan. 29, 2025