Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2025-50567

    Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statemen...

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
  • 10.0

    HIGH
    CVE-2020-13117

    Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request....

    • EPSS Score: 92.08%
    • Published: Feb. 09, 2021
    • Modified: Aug. 19, 2025
  • 10.0

    CRITICAL
    CVE-2011-10019

    Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send ...

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 18, 2025
  • 10.0

    CRITICAL
    CVE-2023-43029

    IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment....

    • Published: Mar. 21, 2025
    • Modified: Aug. 17, 2025
  • 10.0

    HIGH
    CVE-2025-7574

    A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web...

    Affected Products : bl-ac3600_firmware
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
  • 10.0

    CRITICAL
    CVE-2025-2071

    A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling ...

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
  • 10.0

    HIGH
    CVE-2014-7920

    mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921....

    Affected Products : android
    • EPSS Score: 9.62%
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2024-0643

    Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise....

    Affected Products : live_encoder
    • EPSS Score: 0.44%
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-22609

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his ow...

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
  • 10.0

    HIGH
    CVE-2022-25247

    Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated att...

    Affected Products : axeda_agent axeda_desktop_server
    • EPSS Score: 2.26%
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25394

    Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php....

    Affected Products : medical_store_management_system
    • EPSS Score: 0.31%
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-43605

    An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out of bounds write, potentially causing...

    Affected Products : opener
    • EPSS Score: 5.34%
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25440

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function....

    Affected Products : ac9_firmware ac9
    • EPSS Score: 0.39%
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-5896

    The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, relat...

    Affected Products : intrust
    • EPSS Score: 81.25%
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2023-33189

    Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2....

    Affected Products : pomerium
    • EPSS Score: 0.20%
    • Published: May. 30, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-34035

    An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject a...

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
  • 10.0

    HIGH
    CVE-2022-25980

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system c...

    Affected Products : diaenergie
    • EPSS Score: 0.22%
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8496

    Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack....

    • EPSS Score: 1.78%
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2011-4041

    webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592....

    Affected Products : webaccess
    • EPSS Score: 30.86%
    • Published: Feb. 06, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2024-32599

    Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.2.1. ...

    Affected Products : wp_dummy_content_generator
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 290974 Results