Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.4

    HIGH
    CVE-2016-2208

    The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file....

    Affected Products : anti-virus_engine
    • EPSS Score: 52.67%
    • Published: May. 19, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2016-3541

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes....

    • EPSS Score: 1.36%
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2024-12106

    In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings....

    Affected Products : whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025
  • 9.4

    CRITICAL
    CVE-2021-31597

    The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other...

    Affected Products : xmlhttprequest-ssl xmlhttprequest
    • EPSS Score: 0.37%
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2008-5407

    Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and r...

    Affected Products : backup_exec_for_windows_server
    • EPSS Score: 1.39%
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2016-1034

    The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors....

    Affected Products : creative_cloud
    • EPSS Score: 1.44%
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2023-49581

    SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. B...

    Affected Products : netweaver_application_server_abap
    • EPSS Score: 0.07%
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2007-6480

    The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code....

    Affected Products : sunos management\+center
    • EPSS Score: 5.27%
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2019-15926

    An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c....

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: 3.91%
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-1297

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files ...

    • EPSS Score: 0.44%
    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2019-5078

    An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can c...

    • EPSS Score: 0.67%
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-9906

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory....

    Affected Products : macos mac_os_x iphone_os watchos ipados
    • EPSS Score: 0.68%
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2021-38162

    SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over ...

    Affected Products : web_dispatcher
    • EPSS Score: 0.83%
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-4210

    IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986....

    • EPSS Score: 0.20%
    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-47062

    Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furt...

    Affected Products : navidrome
    • Published: Sep. 20, 2024
    • Modified: Aug. 26, 2025
  • 9.4

    CRITICAL
    CVE-2025-34055

    An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the st...

    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.4

    CRITICAL
    CVE-2025-34056

    An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are direc...

    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.4

    CRITICAL
    CVE-2025-34074

    An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a re...

    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 9.4

    CRITICAL
    CVE-2025-48952

    NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable vers...

    Affected Products : netalertx
    • Published: Jul. 04, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication
  • 9.4

    CRITICAL
    CVE-2025-6793

    Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installat...

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291275 Results