Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2011-2446

    The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2448.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %5.76
    • Published: Nov. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2025-48148

    Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2022-31491

    Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. ... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-9118

    A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-46348

    YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and downl... Read more

    Affected Products : yeswiki
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-32444

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization o... Read more

    Affected Products : vllm
    • Published: Apr. 30, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2023-25574

    `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authe... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2019-7046

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitra... Read more

    • EPSS Score: %10.14
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-55169

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-34153

    Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI en... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2011-10011

    WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitra... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2011-10017

    Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell c... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2011-10018

    myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was intro... Read more

    Affected Products : mybb
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2011-10019

    Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send ... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-26853

    DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.... Read more

    Affected Products : infocad_fm infocad
    • Published: Mar. 20, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2018-0101

    A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerabi... Read more

    • EPSS Score: %90.80
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-54349

    In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.... Read more

    Affected Products : iperf3 iperf
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-54351

    In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).... Read more

    Affected Products : iperf3 iperf
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2012-10035

    Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary c... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2013-10066

    An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw ena... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
Showing 20 of 291812 Results