Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2019-14033

    Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/detach request/attach reject/attach accept in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd... Read more

    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2016-3527

    Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet.... Read more

    Affected Products : demand_planning
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2020-25747

    The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rot... Read more

    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-20078

    Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.... Read more

    Affected Products : manageengine_opmanager
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-37011

    There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read.... Read more

    Affected Products : harmonyos
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2022-30710

    Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.... Read more

    Affected Products : android dex
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-34539

    Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to the administration panel and to perform privileged actions.... Read more

    Affected Products : tos tos
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-6097

    A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data co... Read more

    Affected Products : ics_business_manager
    • Published: Nov. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2017-9630

    An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all ve... Read more

    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.4

    CRITICAL
    CVE-2025-34044

    A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute ... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2024-10865

    Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-34049

    An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the target_addr parameter of the f... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2021-29483

    ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c... Read more

    Affected Products : managewiki
    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-41788

    A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arb... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2024-25509

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025

  • 9.4

    CRITICAL
    CVE-2011-10010

    QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the ... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2025-8875

    Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.... Read more

    Affected Products : n-central
    • Actively Exploited
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 9.4

    HIGH
    CVE-2007-1140

    Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.... Read more

    Affected Products : pheap
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2015-4068

    Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.... Read more

    • Actively Exploited
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2019-9748

    In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of th... Read more

    Affected Products : tinysvcmdns
    • Published: Mar. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292767 Results