Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2019-14020

    Multiple Read overflows issue due to improper length check while decoding dedicated_eps_bearer_req/ act_def_context_req/ cs_serv_notification/ emm_info/ guti_realloc_cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... Read more

    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2021-41591

    ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.... Read more

    Affected Products : eclair
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2008-1249

    snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service (application crash and corruption of call logs) via a "'); (double quote, quote, close parenthesis, semicolon) sequence in the "Cal... Read more

    Affected Products : 320_sip_phone
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2019-14019

    Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect Rej/Modify EPS ctxt req/bearer resource alloc Rej/Deact EPs bearer REq in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industri... Read more

    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-6716

    An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (ba... Read more

    Affected Products : nervepoint_access_manager
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-11251

    Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra... Read more

    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-43761

    Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.  ... Read more

    Affected Products : industrial_automation_aprol
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-1899

    Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.... Read more

    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2021-22272

    The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker... Read more

    Affected Products : mybuildings mybusch-jaeger
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-56333

    Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 9.4

    CRITICAL
    CVE-2024-6235

    Sensitive information disclosure in NetScaler Console... Read more

    Affected Products : netscaler_console
    • Published: Jul. 10, 2024
    • Modified: May. 14, 2025

  • 9.4

    CRITICAL
    CVE-2023-35871

    The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64... Read more

    Affected Products : web_dispatcher
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2025-27133

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulnerability allows an authorized attacker to execute arbit... Read more

    Affected Products : wegia
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2024-25527

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.4

    CRITICAL
    CVE-2019-17354

    wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.... Read more

    Affected Products : nbg-418n_v2_firmware nbg-418n_v2
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2015-8753

    SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905.... Read more

    Affected Products : afaria
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2019-14011

    Multiple Read overflows issue due to improper length check while decoding 3G attach accept/ SMS/ pdn connection reject/ esm data transport/ bearer modify context reject in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial... Read more

    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2007-0921

    Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.... Read more

    Affected Products : portal_search
    • Published: Feb. 14, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2008-5674

    Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parame... Read more

    Affected Products : webcam_xp
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2020-11159

    Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connect... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292879 Results