Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2025-26793

    The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configura... Read more

    Affected Products :
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-26611

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint. This vulnerability could allow an attacker to execute ar... Read more

    Affected Products : wegia
    • Published: Feb. 18, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-26608

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `dependente_docdependente.php` endpoint. This vulnerability could allow an attacker to e... Read more

    Affected Products : wegia
    • Published: Feb. 18, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-26609

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpoint. This vulnerability could allow an attacker to execu... Read more

    Affected Products : wegia
    • Published: Feb. 18, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-24786

    WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database pr... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-24957

    WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing ... Read more

    Affected Products : wegia
    • Published: Feb. 03, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-24522

    KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands o... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-23123

    A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.... Read more

    Affected Products :
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-20337

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln... Read more

    • Actively Exploited
    • Published: Jul. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-20309

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root accoun... Read more

    Affected Products : unified_communications_manager
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-20281

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln... Read more

    • Actively Exploited
    • Published: Jun. 25, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-20188

    A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to up... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-1866

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-1744

    Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.... Read more

    Affected Products : radare2
    • Published: Feb. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2024-9985

    Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    CRITICAL
    CVE-2024-9479

    Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-8878

    The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.... Read more

    Affected Products : netman_204_firmware netman_204
    • Published: Sep. 25, 2024
    • Modified: Sep. 30, 2024

  • 10.0

    CRITICAL
    CVE-2024-8888

    An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate... Read more

    Affected Products : q-smt_firmware q-smt
    • Published: Sep. 18, 2024
    • Modified: Oct. 01, 2024

  • 10.0

    CRITICAL
    CVE-2024-8615

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible f... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 10.0

    CRITICAL
    CVE-2024-8525

    An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file.... Read more

    Affected Products : webctrl
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293353 Results