Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2012-10025

    The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated...

    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2013-10070

    PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary...

    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 10.0

    HIGH
    CVE-2025-8730

    A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be la...

    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2025-25174

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4....

    Affected Products : vidmov
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal
  • 10.0

    HIGH
    CVE-2020-11307

    Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...

    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6725

    A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote co...

    Affected Products : android
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-11633

    The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges....

    Affected Products : client_connector
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-21820

    A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability....

    Affected Products : dir-3040_firmware dir-3040
    • Published: Jul. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5349

    Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges....

    • Published: Jul. 19, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22729

    A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior t...

    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-3169

    An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets....

    Affected Products : jumpserver jumpserver
    • Published: Jul. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-9965

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi...

    Affected Products : samsung_mobile
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-33527

    In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with th...

    Affected Products : mbdialup
    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-37167

    An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the devic...

    • Published: Aug. 02, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-9223

    A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vu...

    Affected Products : cloudcenter_orchestrator
    • Published: Dec. 26, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-10126

    Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API ...

    Affected Products : splunk
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2021-35395

    Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based...

    • Actively Exploited
    • Published: Aug. 16, 2021
    • Modified: Aug. 13, 2025
  • 10.0

    HIGH
    CVE-2016-8204

    A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed....

    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2020-19001

    Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'....

    Affected Products : simiki
    • Published: Aug. 27, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8362

    Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface....

    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293414 Results