Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-7395

    An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-7397

    Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2.... Read more

    Affected Products :
    • Published: Aug. 05, 2024
    • Modified: Aug. 06, 2024

  • 9.3

    CRITICAL
    CVE-2024-6913

    Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0.... Read more

    Affected Products : windows processplus
    • Published: Jul. 22, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-55976

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mike Leembruggen Critical Site Intel allows SQL Injection.This issue affects Critical Site Intel: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    CRITICAL
    CVE-2010-20115

    Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an at... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    HIGH
    CVE-2011-3321

    Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execut... Read more

    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-2879

    Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and... Read more

    Affected Products : webex
    • Published: Dec. 18, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-2080

    Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the produ... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-2199

    SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpec... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-9834

    Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 9.3

    CRITICAL
    CVE-2025-27593

    The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Supply Chain

  • 9.3

    HIGH
    CVE-2011-5006

    Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file.... Read more

    Affected Products : qqplayer
    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2021-29302

    TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may ... Read more

    Affected Products : tl-wr802n_firmware tl-wr802n
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-40714

    SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-40715

    SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2012-4607

    Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.... Read more

    Affected Products : networker
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-1646

    Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.... Read more

    Affected Products : mini-stream_rm_downloader
    • Published: May. 15, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-24664

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition... Read more

    Affected Products : ltl_freight_quotes
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025

  • 9.3

    HIGH
    CVE-2017-10831

    Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2018-4854

    A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes t... Read more

    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292875 Results