Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-48841

    Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older....

    • Published: Jan. 27, 2025
    • Modified: Feb. 14, 2025
  • 10.0

    HIGH
    CVE-2018-7076

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04....

    Affected Products : intelligent_management_center
    • EPSS Score: 20.34%
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-24905

    WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, al...

    Affected Products : wegia
    • Published: Feb. 03, 2025
    • Modified: Feb. 13, 2025
  • 10.0

    CRITICAL
    CVE-2025-24906

    WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowi...

    Affected Products : wegia
    • Published: Feb. 03, 2025
    • Modified: Feb. 13, 2025
  • 10.0

    CRITICAL
    CVE-2024-13152

    Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0....

    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
  • 10.0

    CRITICAL
    CVE-2025-22654

    Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6....

    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
  • 10.0

    CRITICAL
    CVE-2025-26613

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar_backup.php` endpoint. This vulnerability could allow an attacker to e...

    Affected Products : wegia
    • Published: Feb. 18, 2025
    • Modified: Feb. 28, 2025
  • 10.0

    CRITICAL
    CVE-2023-22814

    An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. ...

    • EPSS Score: 0.07%
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-50707

    Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request....

    Affected Products : tripleplay
    • Published: Mar. 04, 2025
    • Modified: May. 28, 2025
  • 10.0

    CRITICAL
    CVE-2025-26852

    DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection....

    Affected Products : infocad_fm infocad
    • Published: Mar. 20, 2025
    • Modified: Apr. 23, 2025
  • 10.0

    HIGH
    CVE-2025-2619

    A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to...

    Affected Products : dap-1620_firmware dap-1620
    • Published: Mar. 22, 2025
    • Modified: Mar. 26, 2025
  • 10.0

    CRITICAL
    CVE-2023-4260

    Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system....

    Affected Products : zephyr
    • EPSS Score: 0.26%
    • Published: Sep. 27, 2023
    • Modified: Feb. 13, 2025
  • 10.0

    CRITICAL
    CVE-2023-45138

    Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and r...

    Affected Products : change_request
    • EPSS Score: 78.43%
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-5572

    Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0....

    Affected Products : vrite
    • EPSS Score: 0.23%
    • Published: Oct. 13, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-45146

    XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide ...

    Affected Products : xxl-rpc
    • EPSS Score: 4.17%
    • Published: Oct. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-41794

    A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers...

    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
  • 10.0

    CRITICAL
    CVE-2023-42802

    GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration an...

    Affected Products : glpi
    • EPSS Score: 3.01%
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-42770

    Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no aut...

    • EPSS Score: 0.11%
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-32432

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code executi...

    Affected Products : craft_cms
    • Published: Apr. 25, 2025
    • Modified: Apr. 28, 2025
  • 10.0

    CRITICAL
    CVE-2023-6269

    An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 a...

    • EPSS Score: 0.46%
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290943 Results