Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-25034

    A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest... Read more

    Affected Products : sugarcrm
    • Published: Jun. 20, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34101

    An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parame... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34102

    A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34095

    An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2016-2492

    The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.... Read more

    Affected Products : android android_one
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2008-2160

    Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.... Read more

    Affected Products : windows_embedded_compact windows_ce
    • EPSS Score: %43.77
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-2432

    The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.... Read more

    Affected Products : android nexus_5 nexus_6 nexus_7_\(2013\)
    • EPSS Score: %0.04
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3869

    The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2010-3101

    Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.... Read more

    Affected Products : ftp_explorer
    • EPSS Score: %0.18
    • Published: Aug. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-7923

    Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the app... Read more

    Affected Products : alp-l09_firmware alp-l09
    • EPSS Score: %0.12
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-50254

    Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. ... Read more

    Affected Products : deepin_reader deepin-compressor
    • EPSS Score: %8.85
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0491

    Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.... Read more

    Affected Products : elecard_mpeg_player
    • EPSS Score: %7.33
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-1999-0704

    Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.... Read more

    Affected Products : freebsd linux bsd_os
    • EPSS Score: %4.18
    • Published: Sep. 16, 1999
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2003-1336

    Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.... Read more

    Affected Products : mirc
    • EPSS Score: %66.55
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-6261

    Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a)... Read more

    • EPSS Score: %6.16
    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-6282

    members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this ... Read more

    Affected Products : vikingboard
    • EPSS Score: %0.82
    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-6749

    Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.... Read more

    Affected Products : openser
    • EPSS Score: %0.92
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-6884

    Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a diffe... Read more

    Affected Products : winzip
    • EPSS Score: %9.45
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-5574

    Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text th... Read more

    • EPSS Score: %39.16
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0766

    Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.... Read more

    Affected Products : .net_explorer
    • EPSS Score: %6.31
    • Published: Feb. 06, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291358 Results