Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-1638

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • Published: Jan. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-16417

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation th... Read more

    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2025-24773

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-47573

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-49452

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2008-0470

    A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.... Read more

    Affected Products : activex comodo_antivirus
    • Published: Jan. 29, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-54294

    A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands.... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2015-10141

    An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol comma... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2018-25114

    A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after install... Read more

    Affected Products : online_merchant
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 9.3

    HIGH
    CVE-2010-1247

    Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vu... Read more

    Affected Products : excel
    • Published: Jun. 08, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2014-125117

    A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unaut... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-34203

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-34192

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cryptography

  • 9.3

    CRITICAL
    CVE-2025-34198

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, EC... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    HIGH
    CVE-2008-1423

    Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its code... Read more

    • Published: May. 16, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2013-10033

    An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific ... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2008-0311

    Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.... Read more

    Affected Products : caliberrm
    • Published: Apr. 06, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-0320

    Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.... Read more

    Affected Products : openoffice.org
    • Published: Apr. 17, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-14722

    An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/... Read more

    Affected Products : btrfsmaintenance
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-3861

    LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to exec... Read more

    Affected Products : android
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 294806 Results