Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    HIGH
    CVE-2002-2269

    Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.... Read more

    Affected Products : webster_http_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 9.4

    HIGH
    CVE-2018-14989

    The Plum Compass Android device with a build fingerprint of PLUM/c179_hwf_221/c179_hwf_221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-eng.root... Read more

    Affected Products : compass_firmware compass
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2018-14062

    The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.... Read more

    Affected Products : cospas-sarsat_system
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-22501

    An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to... Read more

    Affected Products : jira_service_management
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2007-5862

    Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2007-3191

    Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.... Read more

    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2007-2644

    A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename.... Read more

    Affected Products : barcode_activex_control
    • Published: May. 13, 2007
    • Modified: Apr. 09, 2025

  • 9.4

    HIGH
    CVE-2006-6767

    oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.... Read more

    Affected Products : oftpd
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-4042

    An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.... Read more

    Affected Products : pcvue frontvue pcvue plantvue
    • Published: Apr. 03, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-3553

    Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : nitro_pro nitro_reader
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1986

    In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is ne... Read more

    Affected Products : android
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-2731

    Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.... Read more

    Affected Products : sinema_server
    • Published: Apr. 19, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2021-1812

    A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges.... Read more

    Affected Products : iphone_os ipados
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-13541

    An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with ... Read more

    Affected Products : mobile-911_server
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2012-10054

    Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path... Read more

    Affected Products : umbraco_cms
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-24325

    Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2012-10050

    CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitra... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2012-10052

    EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2012-10041

    WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2012-10027

    WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, lead... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication
Showing 20 of 292811 Results