Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-54883

    Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui <= 1.4.0) contains a critical crypt... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cryptography

  • 9.3

    CRITICAL
    CVE-2012-10033

    Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This functi... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2014-125113

    An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-1987

    A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a... Read more

    Affected Products : psono_client securepass
    • Published: Jun. 21, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2024-10044

    A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to explo... Read more

    Affected Products : fastchat
    • Published: Dec. 30, 2024
    • Modified: Jul. 29, 2025

  • 9.3

    CRITICAL
    CVE-2022-4978

    Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-6185

    Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious payload in URL parameters, which would execute in a client browser when accessed by a user, steal session t... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-34117

    A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-34101

    An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parame... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34102

    A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34095

    An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2016-2492

    The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.... Read more

    Affected Products : android android_one
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2018-7923

    Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the app... Read more

    Affected Products : alp-l09_firmware alp-l09
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-50254

    Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. ... Read more

    Affected Products : deepin_reader deepin-compressor
    • Published: Dec. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-6749

    Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.... Read more

    Affected Products : openser
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-5574

    Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text th... Read more

    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0766

    Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.... Read more

    Affected Products : .net_explorer
    • Published: Feb. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-7064

    Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.... Read more

    Affected Products : invision_power_board
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-2192

    Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.... Read more

    Affected Products : photofiltre_studio
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-2648

    Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function.... Read more

    Affected Products : clever_database_comparer
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292803 Results