Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2020-3634

    u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ... Read more

    • EPSS Score: %0.30
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2014-6221

    The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat crypt... Read more

    Affected Products : rational_clearcase
    • EPSS Score: %0.63
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2014-5415

    Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service... Read more

    Affected Products : twincat embedded_pc_images
    • EPSS Score: %0.79
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2014-125118

    A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid userna... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 9.4

    HIGH
    CVE-2016-1034

    The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.... Read more

    Affected Products : creative_cloud
    • EPSS Score: %1.44
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2023-49581

    SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. B... Read more

    Affected Products : netweaver_application_server_abap
    • EPSS Score: %0.07
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2013-6207

    Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.... Read more

    Affected Products : sitescope
    • EPSS Score: %2.46
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2013-5654

    Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage... Read more

    Affected Products : yingzhipython
    • EPSS Score: %0.78
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-25533

    Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statem... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.4

    HIGH
    CVE-2013-2068

    Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) ... Read more

    Affected Products : cloudforms_management_engine
    • EPSS Score: %75.27
    • Published: Sep. 28, 2013
    • Modified: Apr. 11, 2025

  • 9.4

    HIGH
    CVE-2007-6480

    The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.... Read more

    Affected Products : sunos management\+center
    • EPSS Score: %5.27
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    CRITICAL
    CVE-2013-10068

    Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL ... Read more

    Affected Products : pdf_reader
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2013-10060

    An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via craft... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.4

    HIGH
    CVE-2019-15926

    An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • EPSS Score: %3.93
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-1297

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files ... Read more

    • EPSS Score: %0.44
    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2012-10039

    ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2024-13872

    Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token A... Read more

    Affected Products : box_firmware box
    • Published: Mar. 12, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2024-1874

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply ... Read more

    Affected Products : fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 9.4

    HIGH
    CVE-2020-14875

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker... Read more

    Affected Products : marketing
    • EPSS Score: %1.99
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2010-3671

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.... Read more

    Affected Products : typo3
    • EPSS Score: %0.90
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292522 Results