Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2025-34063

    A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft val... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2025-34070

    A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP servi... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2008-1558

    Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an ... Read more

    Affected Products : mplayer
    • Published: Mar. 31, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-30933

    Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-49302

    Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-49414

    Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2023-6018

    An attacker can overwrite any file on the server hosting MLflow without any authentication.... Read more

    Affected Products : mlflow
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-1449

    A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SY... Read more

    Affected Products : office office_365_proplus
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-34166

    An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request ... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-39608

    A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerabili... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2024-39760

    Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP req... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2016-6953

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary ... Read more

    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2025-4978

    A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It ... Read more

    Affected Products : dgnd3700_firmware dgnd3700
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-48200

    The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.... Read more

    Affected Products : sr_feuser_register_extension
    • Published: May. 21, 2025
    • Modified: May. 21, 2025

  • 10.0

    CRITICAL
    CVE-2025-47642

    Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-47687

    Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2008-1491

    Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.... Read more

    Affected Products : remote_console
    • Published: Mar. 25, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-1867

    Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3.... Read more

    Affected Products : libhv
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2020-10640

    Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.... Read more

    Affected Products : openenterprise_scada_server
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1392

    The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.... Read more

    Affected Products : player vmware_workstation ace windows
    • Published: Mar. 20, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292803 Results