Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    CRITICAL
    CVE-2025-4517

    Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract(...

    Affected Products : python
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal
  • 9.4

    CRITICAL
    CVE-2025-54531

    In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows.

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal
  • 9.4

    CRITICAL
    CVE-2019-10919

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to prote...

    Affected Products : logo\!8_bm_firmware logo\!8_bm
    • EPSS Score: 0.75%
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2007-5856

    Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.

    Affected Products : mac_os_x
    • EPSS Score: 0.29%
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    CRITICAL
    CVE-2023-44373

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M8...

    • EPSS Score: 0.62%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2016-3543

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.

    • EPSS Score: 1.22%
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2006-6535

    The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.

    Affected Products : linux_kernel
    • EPSS Score: 1.10%
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    CRITICAL
    CVE-2025-52939

    Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11.

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 9.4

    CRITICAL
    CVE-2020-8768

    An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examini...

    • EPSS Score: 0.36%
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-6665

    On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder ...

    • EPSS Score: 0.84%
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-19108

    An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.

    • EPSS Score: 0.57%
    • Published: Apr. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2014-5414

    Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

    Affected Products : twincat embedded_pc_images
    • EPSS Score: 0.88%
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2013-3658

    Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.

    Affected Products : esxi esx
    • EPSS Score: 0.58%
    • Published: Sep. 10, 2013
    • Modified: Apr. 11, 2025
  • 9.4

    HIGH
    CVE-2020-8470

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not re...

    • EPSS Score: 1.12%
    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-6644

    Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if ...

    • EPSS Score: 0.79%
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-17638

    In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ...

    Affected Products : jetty
    • EPSS Score: 27.65%
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2017-10917

    Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.

    Affected Products : xen
    • EPSS Score: 0.84%
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.4

    HIGH
    CVE-2016-2208

    The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.

    Affected Products : anti-virus_engine
    • EPSS Score: 52.67%
    • Published: May. 19, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2016-3541

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes.

    • EPSS Score: 1.36%
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2024-12106

    In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.

    Affected Products : whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025
Showing 20 of 291773 Results