Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-39474

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely allows SQL Injection. This issue affects Amely: from n/a through 3.1.4.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40711

    SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40717

    SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagin... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34096

    A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to p... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-24759

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Blind SQL Injection. This issue affects WP-BusinessDirectory: from n/a throu... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2013-10051

    A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and ex... Read more

    Affected Products : instantcms
    • Published: Aug. 01, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-53417

    DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2010-10013

    An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied i... Read more

    Affected Products : ajaxplorer
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2012-10038

    Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These file... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-52720

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 7.5.... Read more

    Affected Products : super_store_finder
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2016-6705

    An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privile... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6734

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of ... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6741

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6745

    An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first re... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6706

    An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because ... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Dec. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-6782

    An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. ... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.15
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-8428

    An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device comp... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.26
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0383

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to ele... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-6526

    The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.13
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2021-40965

    A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.... Read more

    Affected Products : tinyfilemanager
    • EPSS Score: %0.13
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292652 Results