Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    HIGH
    CVE-2016-3543

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2006-6535

    The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.

    Affected Products : linux_kernel
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    CRITICAL
    CVE-2017-14000

    An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without au...

    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.4

    CRITICAL
    CVE-2020-8768

    An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examini...

    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-41940

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privilege...

    Affected Products : sinec_nms
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024
  • 9.4

    CRITICAL
    CVE-2024-41789

    A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute ...

    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authentication
  • 9.4

    HIGH
    CVE-2014-5414

    Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

    Affected Products : twincat embedded_pc_images
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2013-3658

    Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.

    Affected Products : esxi esx
    • Published: Sep. 10, 2013
    • Modified: Apr. 11, 2025
  • 9.4

    HIGH
    CVE-2021-1296

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files ...

    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-39815

    Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to cause a denial of serv...

    • Published: Aug. 12, 2024
    • Modified: Aug. 20, 2024
  • 9.4

    HIGH
    CVE-2016-0699

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to the Login sub-component.

    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2024-37802

    CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.

    • Published: Jun. 18, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-36439

    Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password.

    • Published: Aug. 22, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-9906

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

    Affected Products : macos mac_os_x iphone_os watchos ipados
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-8470

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not re...

    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2015-6259

    The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via cra...

    • Published: Sep. 04, 2015
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2024-35783

    A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2...

    • Published: Sep. 10, 2024
    • Modified: Jan. 14, 2025
  • 9.4

    HIGH
    CVE-2017-10917

    Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.

    Affected Products : xen
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.4

    HIGH
    CVE-2016-2208

    The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.

    Affected Products : anti-virus_engine
    • Published: May. 19, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2016-3541

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes.

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results