Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2024-38492

    This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.... Read more

    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-7093

    Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in thei... Read more

    Affected Products : dispatch
    • Published: Aug. 01, 2024
    • Modified: Aug. 02, 2024

  • 9.4

    HIGH
    CVE-2021-28506

    An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.... Read more

    Affected Products : eos
    • EPSS Score: %0.28
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-0660

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • EPSS Score: %7.50
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-9137

    The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration fil... Read more

    • Published: Oct. 14, 2024
    • Modified: Jan. 17, 2025

  • 9.4

    CRITICAL
    CVE-2023-32188

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.... Read more

    Affected Products : neuvector
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.4

    HIGH
    CVE-2021-35117

    An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music... Read more

    • EPSS Score: %0.24
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-46890

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privilege... Read more

    Affected Products : sinec_ins
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 9.4

    HIGH
    CVE-2021-46424

    Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • EPSS Score: %91.47
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-52052

    Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution.... Read more

    Affected Products : streaming_engine
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-35083

    Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon I... Read more

    • EPSS Score: %0.16
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-10576

    Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissi... Read more

    Affected Products :
    • Published: Dec. 04, 2024
    • Modified: Dec. 04, 2024

  • 9.4

    CRITICAL
    CVE-2022-2102

    Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in ... Read more

    • EPSS Score: %0.20
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-2105

    Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.... Read more

    • EPSS Score: %0.19
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-22524

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .... Read more

    • EPSS Score: %0.32
    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2025-0324

    The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.... Read more

    Affected Products : axis_os
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 9.4

    CRITICAL
    CVE-2024-13967

    This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-34071

    A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be ... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-2523

    The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, whic... Read more

    Affected Products : c200e_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-52579

    Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory befor... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cryptography
Showing 20 of 291736 Results