Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-1049

    Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.... Read more

    Affected Products : h-sphere sitestudio
    • Published: Feb. 27, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1040

    Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.... Read more

    • Published: Feb. 27, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1030

    Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 02, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-26853

    DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.... Read more

    Affected Products : infocad_fm infocad
    • Published: Mar. 20, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2019-19897

    In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using t... Read more

    Affected Products : easyinstall
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-54351

    In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).... Read more

    Affected Products : iperf3 iperf
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2012-10035

    Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary c... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2008-0960

    SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONT... Read more

    • Published: Jun. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0953

    The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than ... Read more

    Affected Products : instant_support
    • Published: Jun. 04, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0949

    Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.... Read more

    Affected Products : informix_dynamic_server
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-53767

    Azure OpenAI Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_open-ai azure_openai
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 10.0

    HIGH
    CVE-2025-8731

    A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. T... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2008-0935

    Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.... Read more

    Affected Products : iprint_client iprint
    • Published: Feb. 25, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-23202

    Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vu... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-23218

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows a... Read more

    Affected Products : wegia
    • Published: Jan. 20, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-23219

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attac... Read more

    Affected Products : wegia
    • Published: Jan. 20, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2019-19810

    Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target... Read more

    Affected Products : call_recording
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-0912

    Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of servic... Read more

    Affected Products : mobilink sql_anywhere
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-55971

    SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2019-19782

    The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.... Read more

    Affected Products : aceaxe_plus
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results