Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2024-36455

    An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.... Read more

    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2019-10551

    String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdrag... Read more

    • EPSS Score: %0.26
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2025-8426

    Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affecte... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2024-34226

    SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.... Read more

    Affected Products : visitor_management_system
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 9.4

    CRITICAL
    CVE-2024-47223

    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successf... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.4

    CRITICAL
    CVE-2024-25518

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.4

    HIGH
    CVE-2015-0554

    The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device re... Read more

    Affected Products : p.dga4001n_firmware p.dga4001n
    • EPSS Score: %38.60
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2007-3180

    Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors.... Read more

    Affected Products : help_and_support_center
    • EPSS Score: %1.13
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    CRITICAL
    CVE-2024-38645

    A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following ... Read more

    Affected Products : notes_station_3
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 9.4

    CRITICAL
    CVE-2020-12041

    The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be reboot... Read more

    • EPSS Score: %0.28
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-36456

    This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.... Read more

    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-17002

    Azure SDK for C Security Feature Bypass Vulnerability... Read more

    • EPSS Score: %6.19
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2018-6547

    plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYST... Read more

    Affected Products : plays.tv
    • EPSS Score: %0.42
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2013-0673

    Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.... Read more

    • EPSS Score: %0.31
    • Published: May. 01, 2013
    • Modified: Apr. 11, 2025

  • 9.4

    HIGH
    CVE-2019-14057

    Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdrago... Read more

    • EPSS Score: %0.29
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2019-14033

    Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/detach request/attach reject/attach accept in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd... Read more

    • EPSS Score: %0.24
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2016-3527

    Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet.... Read more

    Affected Products : demand_planning
    • EPSS Score: %1.22
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2020-25747

    The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rot... Read more

    • EPSS Score: %2.15
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-20078

    Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %44.11
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-1782

    Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.... Read more

    Affected Products : para
    • EPSS Score: %0.30
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results