Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-9985

    Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 10.0

    HIGH
    CVE-2021-31698

    Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.... Read more

    Affected Products : eg25-g_firmware eg25-g
    • EPSS Score: %0.42
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26059

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system command... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9860

    An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version th... Read more

    • EPSS Score: %0.44
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2025-1866

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2019-10533

    Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We... Read more

    • EPSS Score: %0.25
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10534

    Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wear... Read more

    • EPSS Score: %0.22
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25072

    TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.... Read more

    Affected Products : archer_a54_firmware archer_a54
    • EPSS Score: %3.35
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2025-2620

    A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffe... Read more

    Affected Products : dap-1620_firmware dap-1620
    • Published: Mar. 22, 2025
    • Modified: Mar. 26, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2019-10539

    Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon ... Read more

    • EPSS Score: %0.43
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10540

    Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra... Read more

    • EPSS Score: %0.94
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0035

    QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Op... Read more

    Affected Products : junos qfx10002 qfx5200
    • EPSS Score: %0.12
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0040

    Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.... Read more

    Affected Products : contrail_service_orchestration
    • EPSS Score: %0.17
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-0766

    Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a "Receive data file" LPD command. NOTE: some of ... Read more

    • EPSS Score: %11.63
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-37903

    vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker ha... Read more

    Affected Products : vm2
    • EPSS Score: %35.57
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-32642

    Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 10.0

    CRITICAL
    CVE-2025-34027

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-47419

    Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. Thi... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cryptography

  • 10.0

    HIGH
    CVE-2018-0349

    A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-te... Read more

    • EPSS Score: %1.25
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-21806

    A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.... Read more

    • EPSS Score: %2.00
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291385 Results