Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.5

    CRITICAL
    CVE-2025-2516

    The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the upda... Read more

    Affected Products : wps_office
    • Published: Mar. 27, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cryptography
  • 9.5

    CRITICAL
    CVE-2025-47292

    Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by ... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication
  • 9.5

    CRITICAL
    CVE-2024-50388

    An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid B... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 9.5

    CRITICAL
    CVE-2024-1243

    Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine accoun... Read more

    Affected Products : wazuh
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration
  • 9.5

    CRITICAL
    CVE-2024-52329

    ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Misconfiguration
  • 9.5

    CRITICAL
    CVE-2024-50389

    A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later... Read more

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 9.5

    CRITICAL
    CVE-2024-48860

    An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3... Read more

    Affected Products :
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024
  • 9.5

    CRITICAL
    CVE-2024-48853

    An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
  • 9.5

    CRITICAL
    CVE-2024-9487

    An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation requi... Read more

    Affected Products : enterprise_server
    • Published: Oct. 10, 2024
    • Modified: Nov. 15, 2024
  • 9.5

    CRITICAL
    CVE-2025-4318

    The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.5

    CRITICAL
    CVE-2025-34069

    An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated request... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 9.5

    CRITICAL
    CVE-2025-5333

    Remote attackers can execute arbitrary code in the context of the vulnerable service process.... Read more

    Affected Products :
    • Published: Jul. 06, 2025
    • Modified: Jul. 08, 2025
  • 9.5

    CRITICAL
    CVE-2024-52577

    In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whos... Read more

    Affected Products : ignite
    • Published: Feb. 14, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration
  • 9.5

    CRITICAL
    CVE-2025-24971

    DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an at... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection
  • 9.5

    CRITICAL
    CVE-2025-50121

    A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. H... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 9.5

    CRITICAL
    CVE-2024-13503

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclu... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Memory Corruption
  • 9.5

    CRITICAL
    CVE-2024-52330

    ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Misconfiguration
  • 9.5

    CRITICAL
    CVE-2024-1244

    Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in th... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration
  • 9.5

    CRITICAL
    CVE-2025-52464

    Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initia... Read more

    Affected Products : meshtastic_firmware
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cryptography
  • 9.5

    CRITICAL
    CVE-2013-10043

    A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker ca... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection
Showing 20 of 291222 Results