Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2023-37903

    vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker ha...

    Affected Products : vm2
    • EPSS Score: %35.57
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-32642

    Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7....

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 10.0

    CRITICAL
    CVE-2025-34027

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check ...

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication
  • 10.0

    HIGH
    CVE-2018-0349

    A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-te...

    • EPSS Score: %1.25
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-21806

    A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network....

    • EPSS Score: %2.00
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-4715

    Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary ...

    Affected Products : rslinx_enterprise rslinx_enterprise
    • EPSS Score: %0.34
    • Published: Apr. 18, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-2206

    Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header....

    Affected Products : getgo_download_manager
    • EPSS Score: %76.64
    • Published: Mar. 05, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-10837

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020)....

    Affected Products : android
    • EPSS Score: %0.23
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-3029

    EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerabil...

    Affected Products : ecs_imaging
    • EPSS Score: %3.41
    • Published: Jan. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-10500

    While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Vo...

    • EPSS Score: %0.36
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-4853

    A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device....

    • EPSS Score: %0.44
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-1139

    Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension....

    Affected Products : simple_plantilla_php
    • EPSS Score: %0.77
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-22992

    A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to...

    • EPSS Score: %0.67
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5847

    Unraid through 6.8.0 allows Remote Code Execution....

    Affected Products : unraid
    • Actively Exploited
    • EPSS Score: %93.51
    • Published: Mar. 16, 2020
    • Modified: Feb. 04, 2025
  • 10.0

    CRITICAL
    CVE-2024-48840

    Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 10.0

    HIGH
    CVE-2012-1405

    Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex.gowidget.notewidget) application 1.5 and 1.9 for Android has unknown impact and attack vectors....

    Affected Products : android go_note_widget
    • EPSS Score: %0.33
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2025-2618

    A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The ...

    Affected Products : dap-1620_firmware dap-1620
    • Published: Mar. 22, 2025
    • Modified: Mar. 26, 2025
    • Vuln Type: Memory Corruption
  • 10.0

    CRITICAL
    CVE-2024-49326

    Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server. This issue affects Affiliator: from n/a through 2.1.3....

    Affected Products : affiliator
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024
  • 10.0

    HIGH
    CVE-2009-3818

    Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors....

    Affected Products : typo3 sr_freecap sr_freecap
    • EPSS Score: %0.35
    • Published: Oct. 28, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2024-50526

    Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server. This issue affects Multi Purpose Mail Form: from n/a through 1.0.2....

    Affected Products : multi_purpose_mail_form
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024
Showing 20 of 292316 Results