Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2023-7309

    A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2024-4985

    An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to ... Read more

    Affected Products : enterprise_server
    • Published: May. 20, 2024
    • Modified: Aug. 27, 2025

  • 10.0

    HIGH
    CVE-2019-7992

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : macos photoshop_cc windows
    • EPSS Score: %11.91
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2025-9523

    A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the att... Read more

    Affected Products : ac1206_firmware
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2017-16926

    Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.... Read more

    Affected Products : ohcount
    • EPSS Score: %6.41
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2024-32741

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 26, 2025

  • 10.0

    CRITICAL
    CVE-2025-45854

    /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.... Read more

    Affected Products : jehc-bpm
    • Published: Jun. 03, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-41656

    An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-34054

    An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-34060

    A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents(... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-34063

    A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft val... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2025-34067

    An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT dese... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-34070

    A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP servi... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-34073

    An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs d... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2006-1887

    Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01.... Read more

    Affected Products : enterpriseone
    • EPSS Score: %2.30
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2025-30933

    Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-49302

    Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-49414

    Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2019-1913

    Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the ... Read more

    • EPSS Score: %19.00
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-41672

    A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
Showing 20 of 291783 Results