Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2025-4603

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauth...

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal
  • 9.1

    CRITICAL
    CVE-2025-20242

    A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication ...

    Affected Products : unified_contact_center_enterprise
    • Published: May. 21, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2023-51839

    DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm....

    Affected Products : smartphone_test_farm
    • Published: Jan. 29, 2024
    • Modified: Jun. 20, 2025
  • 9.1

    CRITICAL
    CVE-2008-3738

    Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors....

    Affected Products : lacoodast
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025
  • 9.1

    CRITICAL
    CVE-2018-6440

    A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack....

    Affected Products : fabric_operating_system fabric_os
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-9015

    A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is del...

    Affected Products : mopcms
    • Published: Feb. 22, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-9565

    Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chro...

    Affected Products : antidote
    • Published: Mar. 04, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-9750

    In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs bec...

    Affected Products : iotivity
    • Published: Mar. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-5926

    A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier....

    Affected Products : remote_graphics_software
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-6572

    A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP...

    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-9890

    An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions....

    Affected Products : gitlab
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-12146

    A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create direc...

    Affected Products : ws_ftp_server
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-12154

    XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions....

    Affected Products : pdfreactor
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-13906

    The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Sn...

    • Published: Jun. 14, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2017-17945

    The ASUS HiVivo application before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation....

    Affected Products : hivivo vivobaby
    • Published: Jun. 24, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-14860

    Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system....

    Affected Products : odoo
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-12994

    Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL....

    Affected Products : manageengine_assetexplorer
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-12479

    An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does...

    Affected Products : twentytwenty.storage
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2019-7594

    Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP)....

    Affected Products : metasys_system
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-20981

    The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests....

    Affected Products : ninja_forms
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results