Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    CRITICAL
    CVE-2024-41788

    A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arb...

    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authentication
  • 9.4

    CRITICAL
    CVE-2024-25509

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx....

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025
  • 9.4

    HIGH
    CVE-2013-2068

    Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) ...

    Affected Products : cloudforms_management_engine
    • EPSS Score: 75.27%
    • Published: Sep. 28, 2013
    • Modified: Apr. 11, 2025
  • 9.4

    HIGH
    CVE-2018-14999

    The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory (versionCode=1, versionName=1.0) that contains an exp...

    Affected Products : p1_firmware p1
    • EPSS Score: 0.42%
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2011-10010

    QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the ...

    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal
  • 9.4

    CRITICAL
    CVE-2025-8875

    Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1....

    Affected Products : n-central
    • Actively Exploited
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication
  • 9.4

    HIGH
    CVE-2007-1140

    Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter....

    Affected Products : pheap
    • EPSS Score: 4.12%
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2015-4068

    Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet....

    • Actively Exploited
    • EPSS Score: 84.12%
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2019-9748

    In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of th...

    Affected Products : tinysvcmdns
    • EPSS Score: 0.51%
    • Published: Mar. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-3653

    Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850...

    • EPSS Score: 0.24%
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-0367

    There is a possible out of bounds write due to a missing bounds check. Product: Android Versions: Android SoC Android ID: A-162980455...

    Affected Products : android
    • EPSS Score: 0.16%
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-10205

    Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component). This issue aff...

    • Published: Dec. 17, 2024
    • Modified: Dec. 17, 2024
  • 9.4

    CRITICAL
    CVE-2024-21767

    A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request. ...

    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2025-4517

    Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract(...

    Affected Products : python
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal
  • 9.4

    CRITICAL
    CVE-2025-54531

    In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal
  • 9.4

    CRITICAL
    CVE-2019-10919

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to prote...

    Affected Products : logo\!8_bm_firmware logo\!8_bm
    • EPSS Score: 0.75%
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2007-5856

    Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information....

    Affected Products : mac_os_x
    • EPSS Score: 0.29%
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    CRITICAL
    CVE-2023-44373

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M8...

    • EPSS Score: 0.62%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2016-3543

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks....

    • EPSS Score: 1.22%
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2006-6535

    The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable....

    Affected Products : linux_kernel
    • EPSS Score: 1.10%
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291394 Results