Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2025-23219

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attac... Read more

    Affected Products : wegia
    • Published: Jan. 20, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2019-19810

    Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target... Read more

    Affected Products : call_recording
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-0912

    Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of servic... Read more

    Affected Products : mobilink sql_anywhere
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-55971

    SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2019-19782

    The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.... Read more

    Affected Products : aceaxe_plus
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-30364

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution o... Read more

    Affected Products : wegia
    • Published: Mar. 27, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-49444

    Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2008-0882

    Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an u... Read more

    Affected Products : cups
    • Published: Feb. 21, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-34105

    A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a sp... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2008-0823

    Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.... Read more

    Affected Products : header_image
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-4285

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection.This issue affects Agentis: before 4.32.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2008-0763

    Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114.... Read more

    Affected Products : network_print_server
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-48123

    Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Code Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2008-0764

    Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.... Read more

    Affected Products : network_print_server
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0768

    Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code ... Read more

    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-3023

    unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.... Read more

    Affected Products : clamav clamav
    • Published: Jun. 07, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0748

    Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging metho... Read more

    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-48748

    Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.... Read more

    Affected Products : directory_manager
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2008-0735

    SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.... Read more

    Affected Products : auracms
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0741

    Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292803 Results