Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2024-36456

    This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.... Read more

    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-17002

    Azure SDK for C Security Feature Bypass Vulnerability... Read more

    • EPSS Score: %6.19
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2018-6547

    plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYST... Read more

    Affected Products : plays.tv
    • EPSS Score: %0.42
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2013-0673

    Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.... Read more

    • EPSS Score: %0.31
    • Published: May. 01, 2013
    • Modified: Apr. 11, 2025

  • 9.4

    HIGH
    CVE-2019-14057

    Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdrago... Read more

    • EPSS Score: %0.29
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2019-14033

    Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/detach request/attach reject/attach accept in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd... Read more

    • EPSS Score: %0.24
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2016-3527

    Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet.... Read more

    Affected Products : demand_planning
    • EPSS Score: %1.22
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2020-25747

    The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rot... Read more

    • EPSS Score: %2.15
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-20078

    Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.... Read more

    Affected Products : manageengine_opmanager
    • EPSS Score: %44.11
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-1782

    Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.... Read more

    Affected Products : para
    • EPSS Score: %0.30
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2017-14000

    An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without au... Read more

    • EPSS Score: %1.05
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.4

    HIGH
    CVE-2021-37011

    There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read.... Read more

    Affected Products : harmonyos
    • EPSS Score: %0.26
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2022-30710

    Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.... Read more

    Affected Products : android dex
    • EPSS Score: %0.06
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-34539

    Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions.... Read more

    Affected Products : tos tos
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-6097

    A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data co... Read more

    Affected Products : ics_business_manager
    • EPSS Score: %0.14
    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2017-9630

    An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all ve... Read more

    • EPSS Score: %0.20
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.4

    CRITICAL
    CVE-2025-34044

    A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute ... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2024-10865

    Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-34049

    An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the f... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2021-29483

    ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c... Read more

    Affected Products : managewiki
    • EPSS Score: %0.44
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results