Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-54214

    Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18....

    Affected Products : revy
    • Published: Dec. 06, 2024
    • Modified: Dec. 20, 2024
  • 10.0

    CRITICAL
    CVE-2024-56799

    Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has ...

    Affected Products :
    • Published: Dec. 30, 2024
    • Modified: Dec. 30, 2024
  • 10.0

    CRITICAL
    CVE-2024-56064

    Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server. This issue affects WP SuperBackup: from n/a through 2.3.3....

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024
  • 10.0

    CRITICAL
    CVE-2017-13322

    In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User int...

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service
  • 10.0

    CRITICAL
    CVE-2025-23220

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows atta...

    Affected Products : wegia
    • Published: Jan. 20, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-26606

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `informacao_adicional.php` endpoint. This vulnerability could allow an attacker to execu...

    Affected Products : wegia
    • Published: Feb. 18, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-26612

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpoint. This vulnerability could allow an attacker to execu...

    Affected Products : wegia
    • Published: Feb. 18, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-26617

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute...

    Affected Products : wegia
    • Published: Feb. 18, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-26776

    Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3....

    Affected Products :
    • Published: Feb. 22, 2025
    • Modified: Feb. 22, 2025
    • Vuln Type: Misconfiguration
  • 10.0

    CRITICAL
    CVE-2025-26701

    An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43....

    Affected Products : monitoring_and_management
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2024-12909

    A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arb...

    Affected Products : llamaindex
    • Published: Mar. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2021-47667

    An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a ...

    Affected Products : zendto
    • Published: Apr. 05, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-0505

    On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state...

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2025-29813

    [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network....

    Affected Products : azure_devops
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2023-6977

    This vulnerability enables malicious users to read sensitive files on the server....

    Affected Products : mlflow
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-48418

    In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges n...

    Affected Products : pixel_watch_firmware pixel_watch
    • Published: Jan. 02, 2024
    • Modified: Feb. 13, 2025
  • 10.0

    CRITICAL
    CVE-2023-49617

    The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication. ...

    Affected Products : feverwarn_firmware feverwarn
    • Published: Feb. 01, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-47143

    IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerabl...

    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-27767

    CWE-287: Improper Authentication may allow Authentication Bypass ...

    Affected Products : unilogic
    • Published: Mar. 18, 2024
    • Modified: Mar. 10, 2025
  • 10.0

    CRITICAL
    CVE-2024-24578

    RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains an unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the J...

    Affected Products : raspberrymatic
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results