Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-27494

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an aut... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 9.4

    CRITICAL
    CVE-2023-4966

    Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.... Read more

    • Actively Exploited
    • EPSS Score: %94.30
    • Published: Oct. 10, 2023
    • Modified: Mar. 13, 2025

  • 9.4

    HIGH
    CVE-2019-8527

    A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • EPSS Score: %0.97
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2019-17137

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw ex... Read more

    Affected Products : ac1200_r6220_firmware ac1200_r6220
    • EPSS Score: %0.43
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2008-5518

    Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) ... Read more

    Affected Products : windows geronimo
    • EPSS Score: %15.78
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 9.4

    CRITICAL
    CVE-2025-3463

    "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer t... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025

  • 9.4

    CRITICAL
    CVE-2024-8963

    Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.... Read more

    • Actively Exploited
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024

  • 9.4

    CRITICAL
    CVE-2023-22501

    An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to... Read more

    Affected Products : jira_service_management
    • EPSS Score: %1.67
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-31217

    In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.... Read more

    Affected Products : dameware_mini_remote_control
    • EPSS Score: %0.26
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-1296

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files ... Read more

    • EPSS Score: %0.44
    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-14875

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker... Read more

    Affected Products : marketing
    • EPSS Score: %1.99
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2016-3546

    Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs.... Read more

    • EPSS Score: %1.22
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2013-6207

    Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.... Read more

    Affected Products : sitescope
    • EPSS Score: %2.46
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2013-2352

    LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by lev... Read more

    • EPSS Score: %2.22
    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025

  • 9.4

    CRITICAL
    CVE-2024-1874

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply ... Read more

    Affected Products : fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 9.4

    HIGH
    CVE-2012-2627

    d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.... Read more

    Affected Products : scrutinizer
    • EPSS Score: %9.54
    • Published: Jul. 31, 2012
    • Modified: Apr. 11, 2025

  • 9.4

    HIGH
    CVE-2010-3599

    Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %41.05
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 9.4

    HIGH
    CVE-2007-5862

    Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.21
    • Published: Dec. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2007-3191

    Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.... Read more

    • EPSS Score: %5.55
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2007-2644

    A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename.... Read more

    Affected Products : barcode_activex_control
    • EPSS Score: %10.31
    • Published: May. 13, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291520 Results