Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    HIGH
    CVE-2007-2386

    Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet....

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %71.93
    • Published: May. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2014-8567

    The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data....

    • EPSS Score: %4.43
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2023-22644

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE....

    Affected Products : manager_server
    • EPSS Score: %0.04
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2025-57761

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to exec...

    Affected Products : wegia
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 9.4

    CRITICAL
    CVE-2025-24902

    WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

    Affected Products : wegia
    • Published: Feb. 03, 2025
    • Modified: Aug. 22, 2025
  • 9.4

    CRITICAL
    CVE-2025-27494

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an aut...

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
  • 9.4

    CRITICAL
    CVE-2023-4966

    Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server....

    • Actively Exploited
    • EPSS Score: %94.30
    • Published: Oct. 10, 2023
    • Modified: Mar. 13, 2025
  • 9.4

    HIGH
    CVE-2019-8527

    A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory....

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • EPSS Score: %0.97
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-17137

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw ex...

    Affected Products : ac1200_r6220_firmware ac1200_r6220
    • EPSS Score: %0.43
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2008-5518

    Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) ...

    Affected Products : windows geronimo
    • EPSS Score: %15.78
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025
  • 9.4

    CRITICAL
    CVE-2025-3463

    "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer t...

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
  • 9.4

    CRITICAL
    CVE-2024-8963

    Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality....

    • Actively Exploited
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024
  • 9.4

    CRITICAL
    CVE-2023-22501

    An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to...

    Affected Products : jira_service_management
    • EPSS Score: %1.67
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-31217

    In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM....

    Affected Products : dameware_mini_remote_control
    • EPSS Score: %0.26
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-1296

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files ...

    • EPSS Score: %0.44
    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-14875

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker...

    Affected Products : marketing
    • EPSS Score: %1.99
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2016-3546

    Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs....

    • EPSS Score: %1.22
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2013-6207

    Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084....

    Affected Products : sitescope
    • EPSS Score: %2.46
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2013-2352

    LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by lev...

    • EPSS Score: %2.22
    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025
  • 9.4

    CRITICAL
    CVE-2024-1874

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply ...

    Affected Products : fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 291384 Results