Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2017-10917

    Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.... Read more

    Affected Products : xen
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.4

    HIGH
    CVE-2016-2208

    The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.... Read more

    Affected Products : anti-virus_engine
    • Published: May. 19, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2016-3541

    Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes.... Read more

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2024-33499

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1... Read more

    Affected Products : simatic_rtls_locating_manager
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-32838

    SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query paramet... Read more

    Affected Products : fineract
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2024-12106

    In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.... Read more

    Affected Products : whatsup_gold
    • Published: Dec. 31, 2024
    • Modified: Jan. 06, 2025

  • 9.4

    HIGH
    CVE-2014-9605

    WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character ... Read more

    Affected Products : netsweeper
    • Published: Sep. 04, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2014-8567

    The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.... Read more

    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2021-31597

    The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other... Read more

    Affected Products : xmlhttprequest-ssl xmlhttprequest
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2008-5407

    Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and r... Read more

    Affected Products : backup_exec_for_windows_server
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2020-3634

    u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ... Read more

    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2014-6221

    The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat crypt... Read more

    Affected Products : rational_clearcase
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2014-5415

    Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service... Read more

    Affected Products : twincat embedded_pc_images
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2014-125118

    A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid userna... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 9.4

    HIGH
    CVE-2016-1034

    The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.... Read more

    Affected Products : creative_cloud
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.4

    CRITICAL
    CVE-2023-49581

    SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. B... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2013-6207

    Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of service via unknown vectors, aka ZDI-CAN-2084.... Read more

    Affected Products : sitescope
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.4

    HIGH
    CVE-2013-5654

    Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage... Read more

    Affected Products : yingzhipython
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-25533

    Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statem... Read more

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025

  • 9.4

    HIGH
    CVE-2013-2068

    Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) ... Read more

    Affected Products : cloudforms_management_engine
    • Published: Sep. 28, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292916 Results