Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2007-0921

    Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.... Read more

    Affected Products : portal_search
    • EPSS Score: %0.69
    • Published: Feb. 14, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2002-2269

    Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.... Read more

    Affected Products : webster_http_server
    • EPSS Score: %0.09
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 9.4

    HIGH
    CVE-2002-2268

    Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.... Read more

    Affected Products : webster_http_server
    • EPSS Score: %74.54
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 9.4

    HIGH
    CVE-2008-5674

    Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parame... Read more

    Affected Products : webcam_xp
    • EPSS Score: %22.32
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2015-6259

    The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via cra... Read more

    • EPSS Score: %1.06
    • Published: Sep. 04, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2010-3671

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.... Read more

    Affected Products : typo3
    • EPSS Score: %0.90
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-11285

    Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdr... Read more

    • EPSS Score: %0.24
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2018-14989

    The Plum Compass Android device with a build fingerprint of PLUM/c179_hwf_221/c179_hwf_221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-eng.root... Read more

    Affected Products : compass_firmware compass
    • EPSS Score: %0.29
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-11159

    Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connect... Read more

    • EPSS Score: %0.24
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2021-41592

    Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.... Read more

    Affected Products : c-lightning
    • EPSS Score: %0.83
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-6718

    An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.... Read more

    Affected Products : repox
    • EPSS Score: %0.14
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-31545

    Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.... Read more

    • Published: Apr. 22, 2024
    • Modified: Apr. 14, 2025

  • 9.4

    CRITICAL
    CVE-2024-6877

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS.This issue affects Panel: before v2.3.24.... Read more

    Affected Products : panel
    • Published: Sep. 18, 2024
    • Modified: Sep. 25, 2024

  • 9.4

    CRITICAL
    CVE-2024-36455

    An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.... Read more

    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2019-10551

    String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdrag... Read more

    • EPSS Score: %0.26
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2025-8426

    Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affecte... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2024-34226

    SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.... Read more

    Affected Products : visitor_management_system
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 9.4

    CRITICAL
    CVE-2024-47223

    A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successf... Read more

    Affected Products : micollab
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025

  • 9.4

    CRITICAL
    CVE-2024-25518

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.4

    HIGH
    CVE-2015-0554

    The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device re... Read more

    Affected Products : p.dga4001n_firmware p.dga4001n
    • EPSS Score: %38.60
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291316 Results