Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-34150

    The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary syste... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2012-10059

    Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitr... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2023-1834

    Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.  This could potentially allow attackers unauthorized access to the devic... Read more

    Affected Products : kinetix_5500_firmware kinetix_5500
    • EPSS Score: %0.24
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-1897

    Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller.... Read more

    • EPSS Score: %0.04
    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-33987

    An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERN... Read more

    Affected Products : web_dispatcher
    • EPSS Score: %0.14
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-1935

    ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.... Read more

    • EPSS Score: %0.02
    • Published: Aug. 02, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2018-20577

    Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1... Read more

    • EPSS Score: %0.14
    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2019-14063

    Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infr... Read more

    • EPSS Score: %0.24
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-20696

    Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before V5.6.8.3 and WAC510 before V5.6.8.3.... Read more

    • EPSS Score: %0.40
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2013-5654

    Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage... Read more

    Affected Products : yingzhipython
    • EPSS Score: %0.78
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-11126

    Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri... Read more

    • EPSS Score: %0.29
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-36980

    This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The spe... Read more

    Affected Products : avalanche
    • EPSS Score: %2.58
    • Published: Mar. 29, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-3945

    Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.... Read more

    Affected Products : kavita
    • EPSS Score: %0.35
    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2005-4156

    Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.... Read more

    Affected Products : mambo_open_source_4.5
    • EPSS Score: %0.88
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 9.4

    CRITICAL
    CVE-2024-0964

    A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.... Read more

    Affected Products : gradio
    • EPSS Score: %0.11
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-26990

    Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.... Read more

    Affected Products : cloud_manager
    • EPSS Score: %0.81
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2014-5415

    Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service... Read more

    Affected Products : twincat embedded_pc_images
    • EPSS Score: %0.79
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2025-55293

    Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if (p.public_key.size > 0) {', clearing the existing ... Read more

    Affected Products : meshtastic_firmware
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-55299

    VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with ... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-30091

    In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into conf... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection
Showing 20 of 291316 Results