Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2025-9605

    A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack c... Read more

    Affected Products : ac23_firmware
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2021-32494

    Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. ... Read more

    Affected Products : radare2
    • EPSS Score: %0.19
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8178

    Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.... Read more

    Affected Products : jison
    • EPSS Score: %5.60
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-13981

    LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unaut... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-57819

    FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipul... Read more

    Affected Products :
    • Actively Exploited
    • Published: Aug. 28, 2025
    • Modified: Aug. 30, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2024-51555

    Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Aug. 28, 2025

  • 10.0

    HIGH
    CVE-2006-0697

    Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.... Read more

    Affected Products : zen_cart
    • EPSS Score: %0.93
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2010-3553

    Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the prev... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %10.97
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2025-49387

    Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2018-19990

    In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/... Read more

    • EPSS Score: %10.75
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18318

    Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A.... Read more

    • EPSS Score: %0.22
    • Published: Nov. 28, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-18439

    DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.... Read more

    Affected Products : u-boot
    • EPSS Score: %0.47
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-1000832

    ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.... Read more

    Affected Products : zoneminder
    • EPSS Score: %8.16
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-34158

    Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres.... Read more

    Affected Products : media_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    CRITICAL
    CVE-2024-29895

    Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. ... Read more

    Affected Products : cacti
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-1000652

    JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable v... Read more

    Affected Products : jabref
    • EPSS Score: %0.24
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-34163

    Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-34160

    AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. ... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-13980

    H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests w... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2018-25115

    Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands wi... Read more

    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection
Showing 20 of 291775 Results