Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-6403

    An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.... Read more

    Affected Products : netbackup_appliance netbackup
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48887

    A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-48886

    A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManage... Read more

    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2017-6274

    An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A... Read more

    Affected Products : android
    • Published: Nov. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48845

    Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; ... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-48823

    Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.... Read more

    Affected Products :
    • Published: Oct. 14, 2024
    • Modified: Mar. 15, 2025

  • 9.8

    CRITICAL
    CVE-2021-44231

    Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.... Read more

    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48760

    An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2017-6089

    SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id para... Read more

    Affected Products : phpcollab
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48579

    SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.... Read more

    • Published: Oct. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2017-6070

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.... Read more

    Affected Products : cms_made_simple form_builder
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-41816

    CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.... Read more

    Affected Products : ruby fedora cgi
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48590

    Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.... Read more

    Affected Products : spirateam
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-48538

    Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2021-4161

    The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.... Read more

    • Published: Dec. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48509

    Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting ... Read more

    • Published: Oct. 21, 2024
    • Modified: Jan. 23, 2025

  • 9.8

    CRITICAL
    CVE-2021-4127

    An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.... Read more

    Affected Products : firefox_esr thunderbird
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2017-6050

    A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.... Read more

    Affected Products : integraxor
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6025

    A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.... Read more

    Affected Products : web_server
    • Published: May. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-48411

    itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php.... Read more

    • Published: Oct. 15, 2024
    • Modified: May. 17, 2025
Showing 20 of 293339 Results