Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2008-1259

    The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within t...

    Affected Products : p-2602hw-d1a
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2019-1152

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then inst...

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-1149

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then inst...

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2025-40716

    SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action....

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 9.3

    HIGH
    CVE-2019-1146

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit th...

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-1230

    Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."...

    Affected Products : jspwiki
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2025-34099

    An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes th...

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 9.3

    HIGH
    CVE-2019-1118

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122...

    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-1235

    Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Pri...

    Affected Products : firefox thunderbird seamonkey
    • Published: Mar. 27, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2019-1111

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1110....

    Affected Products : office office_365_proplus excel
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2025-27517

    Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0....

    Affected Products : livewire
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
  • 9.3

    HIGH
    CVE-2019-1110

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1111....

    Affected Products : office office_365_proplus excel
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2025-27519

    Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable ...

    Affected Products :
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Path Traversal
  • 9.3

    CRITICAL
    CVE-2025-25306

    Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim authority in the...

    Affected Products : misskey
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authorization
  • 9.3

    HIGH
    CVE-2019-1102

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'....

    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2025-4641

    Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associa...

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: XML External Entity
  • 9.3

    HIGH
    CVE-2008-1217

    Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-...

    Affected Products : lotus_notes notes
    • Published: Mar. 09, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-1210

    Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted .c file, when the victim selects ...

    Affected Products : programmers_notepad
    • Published: Mar. 08, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2025-39389

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQL Injection. This issue affects AnalyticsWP: from n/a through 2.1.2....

    Affected Products : analyticswp
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2025-25038

    An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attac...

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection
Showing 20 of 294690 Results