Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    HIGH
    CVE-2010-3599

    Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information...

    Affected Products : fusion_middleware
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025
  • 9.4

    CRITICAL
    CVE-2024-1624

    An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Rele...

    Affected Products : 3dexperience
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2008-5518

    Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) ...

    Affected Products : windows geronimo
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2020-11285

    Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdr...

    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-11276

    Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Ele...

    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-11247

    Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Mus...

    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2005-4332

    Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmw...

    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025
  • 9.4

    CRITICAL
    CVE-2020-10265

    Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starti...

    Affected Products : ur_software ur10 ur3 ur5 ur10e ur3e ur5e
    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2005-4156

    Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.

    Affected Products : mambo_open_source_4.5
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025
  • 9.4

    HIGH
    CVE-2020-11126

    Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri...

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-0964

    A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

    Affected Products : gradio
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2002-2268

    Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.

    Affected Products : webster_http_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
  • 9.4

    CRITICAL
    CVE-2019-6665

    On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder ...

    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-6644

    Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if ...

    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2019-4210

    IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986.

    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2019-5078

    An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can c...

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2023-6718

    An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.

    Affected Products : repox
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2021-32642

    radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discov...

    Affected Products : fedora radsecproxy
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2005-4853

    The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrar...

    Affected Products : ez_publish
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
  • 9.4

    CRITICAL
    CVE-2025-30063

    The configuration file containing database logins and passwords is readable by any local user.

    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293284 Results