Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.2

    CRITICAL
    CVE-2025-43858

    YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of malicious commands when starting `yt-dlp` from ...

    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
  • 9.2

    CRITICAL
    CVE-2024-30407

    The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in com...

    • Published: Apr. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.2

    CRITICAL
    CVE-2024-21575

    ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files ...

    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024
  • 9.2

    CRITICAL
    CVE-2022-46179

    LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication che...

    Affected Products : liuos
    • Published: Dec. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.2

    CRITICAL
    CVE-2024-21877

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: f...

    • Published: Aug. 12, 2024
    • Modified: Aug. 23, 2024
  • 9.2

    CRITICAL
    CVE-2024-54130

    NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is ...

    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 9.2

    CRITICAL
    CVE-2024-8606

    Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication...

    Affected Products : checkmk checkmk
    • Published: Sep. 23, 2024
    • Modified: Sep. 30, 2024
  • 9.2

    CRITICAL
    CVE-2025-5124

    A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of defa...

    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication
  • 9.2

    CRITICAL
    CVE-2024-10217

    XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence...

    • Published: Nov. 12, 2024
    • Modified: Nov. 21, 2024
  • 9.2

    CRITICAL
    CVE-2024-45586

    This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulati...

    Affected Products : xts_mobile_trader xts_web_trader
    • Published: Sep. 03, 2024
    • Modified: Sep. 04, 2024
  • 9.2

    CRITICAL
    CVE-2024-48919

    Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an att...

    Affected Products : cursor
    • Published: Oct. 22, 2024
    • Modified: Oct. 23, 2024
  • 9.2

    CRITICAL
    CVE-2025-0632

    Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download c...

    • Published: Apr. 21, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Path Traversal
  • 9.2

    CRITICAL
    CVE-2024-44087

    A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validat...

    Affected Products : automation_license_manager
    • Published: Sep. 10, 2024
    • Modified: May. 13, 2025
  • 9.2

    CRITICAL
    CVE-2023-29245

    A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the...

    Affected Products : cmc guardian
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024
  • 9.2

    CRITICAL
    CVE-2024-22170

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers. This issue affects My Cloud: before 5.29.102....

    Affected Products : my_cloud_firmware
    • Published: Sep. 27, 2024
    • Modified: Sep. 30, 2024
  • 9.2

    CRITICAL
    CVE-2024-4009

    Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System...

    • Published: Jun. 05, 2024
    • Modified: Mar. 27, 2025
  • 9.2

    CRITICAL
    CVE-2025-26692

    Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege whe...

    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal
  • 9.2

    CRITICAL
    CVE-2025-5598

    Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046....

    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal
  • 9.2

    CRITICAL
    CVE-2025-27419

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by perfo...

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Denial of Service
  • 9.2

    CRITICAL
    CVE-2025-5993

    ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. An unauthenticated remote attacker is able to exploit the vulnerable parameter fileName and construct payloads that allow downloading any file accessible by the web server pro...

    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Path Traversal