Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.2

    CRITICAL
    CVE-2024-9465

    An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create... Read more

    • Actively Exploited
    • Published: Oct. 09, 2024
    • Modified: Nov. 15, 2024

  • 9.2

    CRITICAL
    CVE-2014-125126

    An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3) with HTTP requests. The application’s upload mechanis... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2024-1744

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1.... Read more

    Affected Products : accord_ors
    • Published: Sep. 06, 2024
    • Modified: Sep. 13, 2024

  • 9.2

    CRITICAL
    CVE-2024-10218

    XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 22, 2024

  • 9.2

    CRITICAL
    CVE-2024-10127

    Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.... Read more

    Affected Products : m-files_server
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 9.2

    CRITICAL
    CVE-2024-12297

    Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementatio... Read more

    Affected Products : pt-7728_firmware
    • Published: Jan. 15, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2025-40634

    Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the ... Read more

    Affected Products :
    • Published: May. 20, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2025-22896

    mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.... Read more

    Affected Products : mypro
    • Published: Feb. 13, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cryptography

  • 9.2

    CRITICAL
    CVE-2025-26506

    Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.2

    CRITICAL
    CVE-2025-36546

    On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerabil... Read more

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2025-53620

    @builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node JS t... Read more

    Affected Products : qwik
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025

  • 9.2

    CRITICAL
    CVE-2025-2492

    An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASU... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2025-20059

    Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.... Read more

    Affected Products :
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Path Traversal

  • 9.2

    CRITICAL
    CVE-2025-54473

    An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2025-54790

    Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is ... Read more

    Affected Products : files
    • Published: Aug. 02, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2025-0798

    A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. T... Read more

    Affected Products : escan_anti-virus
    • Published: Jan. 29, 2025
    • Modified: Jan. 29, 2025
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2025-0103

    An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attac... Read more

    Affected Products : expedition pan-os prisma_access
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2025-8070

    The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.2

    CRITICAL
    CVE-2025-4638

    A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since ver... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2023-25581

    pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-... Read more

    Affected Products : pac4j
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024
Showing 20 of 294860 Results