Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    HIGH
    CVE-2019-10552

    Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdr...

    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2025-57761

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to exec...

    Affected Products : wegia
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 9.4

    CRITICAL
    CVE-2025-24902

    WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

    Affected Products : wegia
    • Published: Feb. 03, 2025
    • Modified: Aug. 22, 2025
  • 9.4

    CRITICAL
    CVE-2025-27494

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an aut...

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
  • 9.4

    CRITICAL
    CVE-2023-4966

    Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server....

    • Actively Exploited
    • Published: Oct. 10, 2023
    • Modified: Mar. 13, 2025
  • 9.4

    HIGH
    CVE-2007-3180

    Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors....

    Affected Products : help_and_support_center
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2007-2271

    Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter....

    Affected Products : usp_foss_distribution
    • Published: Apr. 25, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2007-0543

    ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests th...

    Affected Products : zixforum
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2019-8527

    A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory....

    Affected Products : macos mac_os_x iphone_os tvos watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2023-44373

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M8...

    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-17137

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw ex...

    Affected Products : ac1200_r6220_firmware ac1200_r6220
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2018-6547

    plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYST...

    Affected Products : plays.tv
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2018-3881

    An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. An unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data ...

    Affected Products : focalscope
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2023-33987

    An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.81, KERN...

    Affected Products : web_dispatcher
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-31217

    In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM....

    Affected Products : dameware_mini_remote_control
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2023-22644

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE....

    Affected Products : manager_server
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2016-3546

    Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs....

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    HIGH
    CVE-2013-2352

    LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by lev...

    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025
  • 9.4

    HIGH
    CVE-2012-2627

    d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request....

    Affected Products : scrutinizer
    • Published: Jul. 31, 2012
    • Modified: Apr. 11, 2025
  • 9.4

    HIGH
    CVE-2018-14999

    The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory (versionCode=1, versionName=1.0) that contains an exp...

    Affected Products : p1_firmware p1
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results