Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    CRITICAL
    CVE-2024-45367

    The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password....

    • Published: Oct. 03, 2024
    • Modified: Oct. 04, 2024
  • 9.3

    CRITICAL
    CVE-2025-46460

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide allows SQL Injection. This issue affects Easy Guide: from n/a through 1.0.0....

    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2022-27660

    A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability....

    • EPSS Score: 0.47%
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2013-2717

    Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs...

    • EPSS Score: 0.38%
    • Published: Mar. 28, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2018-1000006

    GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arb...

    • EPSS Score: 92.09%
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-6492

    The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call....

    Affected Products : android
    • EPSS Score: 0.06%
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    CRITICAL
    CVE-2024-49681

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0....

    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024
  • 9.3

    HIGH
    CVE-2011-5158

    Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file i...

    Affected Products : grundpaket_basis
    • EPSS Score: 0.56%
    • Published: Sep. 07, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2020-0449

    In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitat...

    Affected Products : android
    • EPSS Score: 0.29%
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2024-48974

    The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a co...

    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 9.3

    HIGH
    CVE-2012-6558

    Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file....

    Affected Products : pe_explorer
    • EPSS Score: 7.76%
    • Published: May. 23, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2009-4265

    Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file....

    Affected Products : ideal_administration_2009
    • EPSS Score: 67.07%
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2012-0204

    Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileg...

    • EPSS Score: 0.66%
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2012-0224

    Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223....

    Affected Products : aquis
    • EPSS Score: 0.49%
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2024-5328

    A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs bef...

    Affected Products : lunary
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2013-0113

    Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document....

    Affected Products : pdf_reader pdf_reader_plus
    • EPSS Score: 3.57%
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2017-8142

    The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user...

    • EPSS Score: 0.20%
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2009-4676

    Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely f...

    Affected Products : jetaudio jetaudio
    • EPSS Score: 5.61%
    • Published: Mar. 05, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2014-9869

    drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted applicati...

    Affected Products : android
    • EPSS Score: 0.06%
    • Published: Aug. 06, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2007-1787

    Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir pa...

    Affected Products : time-assistant
    • EPSS Score: 7.19%
    • Published: Mar. 31, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291804 Results