Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-6530

    Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change.... Read more

    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-4177

    A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premis... Read more

    Affected Products : gravityzone
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-6506

    In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.... Read more

    Affected Products : data_expert_ultimate
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6465

    Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.... Read more

    Affected Products : ftpshell_client
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6532

    Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.... Read more

    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-0839

    Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.... Read more

    Affected Products : liquibase sqlcl
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-6349

    An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.... Read more

    Affected Products : vim
    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6403

    An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48887

    A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-48886

    A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManage... Read more

    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2017-6274

    An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A... Read more

    Affected Products : android
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48845

    Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; ... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-48823

    Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-44231

    Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.... Read more

    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48760

    An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2017-6089

    SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id para... Read more

    Affected Products : phpcollab
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48579

    SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.... Read more

    • Published: Oct. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2017-6070

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.... Read more

    Affected Products : cms_made_simple form_builder
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-41816

    CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.... Read more

    Affected Products : ruby fedora cgi
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48590

    Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.... Read more

    Affected Products : spirateam
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 292803 Results