Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    CRITICAL
    CVE-2025-3022

    OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint....

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection
  • 9.3

    HIGH
    CVE-2008-0805

    Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in sy...

    Affected Products : medias_phpizabi
    • EPSS Score: %4.83
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2024-11263

    When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols....

    Affected Products : zephyr
    • Published: Nov. 15, 2024
    • Modified: Feb. 03, 2025
  • 9.3

    HIGH
    CVE-2021-0967

    In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. P...

    Affected Products : android
    • EPSS Score: %0.50
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-0599

    Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory....

    Affected Products : windows
    • EPSS Score: %1.58
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-2566

    Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file....

    Affected Products : mmplayer
    • EPSS Score: %63.26
    • Published: Jul. 21, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2011-4218

    Investintech.com SlimPDF Reader does not prevent faulting-instruction data from affecting write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document....

    Affected Products : slimpdf_reader
    • EPSS Score: %2.79
    • Published: Nov. 01, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2024-13502

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0....

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Injection
  • 9.3

    HIGH
    CVE-2007-2855

    Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007...

    Affected Products : dart_ziplite_compression
    • EPSS Score: %4.40
    • Published: May. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2024-4657

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS. This issue affects BAP Automation: before 30840....

    Affected Products :
    • Published: Sep. 25, 2024
    • Modified: Sep. 26, 2024
  • 9.3

    HIGH
    CVE-2013-1117

    Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corru...

    Affected Products : webex_recording_format_player
    • EPSS Score: %2.20
    • Published: Sep. 06, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2020-0240

    In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...

    Affected Products : android
    • EPSS Score: %1.58
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-4148

    DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script inj...

    Affected Products : daz_studio
    • EPSS Score: %2.13
    • Published: Dec. 04, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2020-28251

    NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to th...

    • EPSS Score: %0.44
    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2020-6774

    Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system....

    • EPSS Score: %0.04
    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2024-54152

    Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (u...

    Affected Products : angular-expressions
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024
  • 9.3

    HIGH
    CVE-2011-4052

    Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long nam...

    Affected Products : web_studio indusoft_web_studio
    • EPSS Score: %8.06
    • Published: Dec. 05, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2024-2421

    LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions....

    Affected Products :
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-30995

    Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545....

    • EPSS Score: %46.43
    • Published: May. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31531

    The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : cilantro
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292495 Results