Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2024-6060

    An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.... Read more

    Affected Products :
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-28787

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4. ... Read more

    • Published: Mar. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-8074

    Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-1325

    Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.... Read more

    Affected Products : ripper
    • EPSS Score: %10.09
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-6258

    The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.... Read more

    Affected Products : alternc
    • EPSS Score: %1.92
    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-4011

    The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.... Read more

    Affected Products : kunai
    • EPSS Score: %2.12
    • Published: Sep. 08, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4057

    Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.... Read more

    Affected Products : remote-anything
    • EPSS Score: %33.14
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-1605

    Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: ... Read more

    Affected Products : sumatrapdf sumatrapdf
    • EPSS Score: %2.21
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-0521

    Code Injection in paddlepaddle/paddle... Read more

    Affected Products : paddlepaddle paddle
    • EPSS Score: %0.08
    • Published: Jan. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-2970

    Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.... Read more

    Affected Products : uiplayer baidux
    • EPSS Score: %5.85
    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-26943

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes allows Blind SQL Injection. This issue affects Easy Quotes: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2009-1817

    Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.... Read more

    Affected Products : maya
    • EPSS Score: %6.26
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2023-37538

    HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). ... Read more

    Affected Products : digital_experience
    • EPSS Score: %0.23
    • Published: Oct. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-0103

    A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the ... Read more

    • EPSS Score: %0.38
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-1671

    Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType,... Read more

    Affected Products : jre
    • EPSS Score: %6.71
    • Published: May. 18, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-32778

    Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project (Lissy93/web-check). The issue stems from user-controlled input (url) being passed unsanitized into a ... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-41370

    A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-1143

    Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.... Read more

    Affected Products : central_dogma
    • EPSS Score: %0.28
    • Published: Feb. 02, 2024
    • Modified: Jun. 03, 2025

  • 9.3

    HIGH
    CVE-2009-1640

    Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file.... Read more

    Affected Products : kernel_recovery
    • EPSS Score: %1.43
    • Published: May. 15, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-2261

    PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.... Read more

    Affected Products : peazip
    • EPSS Score: %70.59
    • Published: Jun. 30, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 292058 Results