Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2008-0984

    The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.... Read more

    Affected Products : vlc_media_player miro_player
    • Published: Feb. 26, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-41371

    A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2013-10054

    An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 9.3

    HIGH
    CVE-2008-0948

    Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote ... Read more

    Affected Products : kerberos_5
    • Published: Mar. 19, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2013-10064

    A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    HIGH
    CVE-2008-0958

    Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : nctaudioeditor_activex_control
    • Published: May. 29, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-1290

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-201... Read more

    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-0955

    Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.... Read more

    • Published: May. 29, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-0952

    The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the... Read more

    Affected Products : instant_support
    • Published: Jun. 04, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-0951

    Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled... Read more

    Affected Products : windows_vista
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2012-10049

    WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 9.3

    HIGH
    CVE-2019-19814

    In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-0287

    Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • Published: Feb. 12, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2025-26898

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-30886

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-30971

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes allows SQL Injection. This issue affects XV Random Quotes: from n/a through 1.40.... Read more

    Affected Products : xv_random_quotes
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34103

    An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed t... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34110

    A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-s... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-34111

    An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scr... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-28959

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener allows SQL Injection. This issue affects URL Shortener: from n/a through 3.0.7.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection
Showing 20 of 294690 Results