Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-24480

    A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user.... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-23215

    PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are included in jar published to Maven Central. The private key itself is not known to have been compromised itself, but given its pa... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Cryptography

  • 9.3

    HIGH
    CVE-2008-0632

    Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root direct... Read more

    Affected Products : lightblog
    • Published: Feb. 06, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-1335

    The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by sending packets from a source machine with a different ... Read more

    Affected Products : netbsd netbsd_current
    • Published: Mar. 13, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-43649

    Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-43651

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate – The <redacted> binar... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2024-43655

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The attacke... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-30807

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a throug... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2008-1328

    Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."... Read more

    • Published: Apr. 07, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-31484

    conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-31911

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2.... Read more

    Affected Products : social_share_and_social_locker
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2008-0531

    Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.... Read more

    • Published: Feb. 15, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-1280

    A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remo... Read more

    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-0516

    PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are ob... Read more

    Affected Products : sqlitemanager sqlite_manager
    • Published: Jan. 31, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-3578

    A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possi... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-3579

    In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-27302

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-32636

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic allows SQL Injection. This issue affects Local Magic: from n/a through 2.6.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-32665

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2019-1638

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • Published: Jan. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results