Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2022-33195

    Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands t...

    • EPSS Score: 0.32%
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-29823

    Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application....

    Affected Products : feathers-sequelize
    • EPSS Score: 1.12%
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-36206

    All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries....

    Affected Products : cevas
    • EPSS Score: 0.15%
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6137

    An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591....

    Affected Products : trex
    • EPSS Score: 17.14%
    • Published: Sep. 27, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-3926

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953....

    Affected Products : android
    • EPSS Score: 0.12%
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-3927

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244....

    Affected Products : android
    • EPSS Score: 0.12%
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-3929

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675....

    Affected Products : android
    • EPSS Score: 0.12%
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2022-41875

    A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Op...

    Affected Products : optica
    • EPSS Score: 6.93%
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6397

    A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and ...

    • EPSS Score: 1.02%
    • Published: Oct. 28, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-6452

    A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 an...

    Affected Products : prime_home
    • EPSS Score: 3.92%
    • Published: Nov. 03, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2025-47577

    Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server. This issue affects TI WooCommerce Wishlist: from n/a before 2.10.0....

    Affected Products : ti_woocommerce_wishlist
    • Published: May. 19, 2025
    • Modified: Jun. 05, 2025
  • 10.0

    CRITICAL
    CVE-2025-48748

    Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password....

    Affected Products : directory_manager
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
  • 10.0

    CRITICAL
    CVE-2025-5597

    Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Authentication Bypass. This issue affects airleader MASTER: 3.00571....

    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
  • 10.0

    CRITICAL
    CVE-2025-29902

    Remote code execution that allows unauthorized users to execute arbitrary code on the server machine....

    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
  • 10.0

    HIGH
    CVE-2025-6121

    A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stac...

    Affected Products : dir-632_firmware dir-632
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
  • 10.0

    CRITICAL
    CVE-2025-49132

    Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With...

    Affected Products : panel
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
  • 10.0

    CRITICAL
    CVE-2025-6512

    On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights....

    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
  • 10.0

    CRITICAL
    CVE-2025-2828

    A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This...

    Affected Products : langchain
    • Published: Jun. 23, 2025
    • Modified: Jul. 16, 2025
  • 10.0

    CRITICAL
    CVE-2025-52562

    Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this...

    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
  • 10.0

    CRITICAL
    CVE-2025-34036

    An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the ...

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
Showing 20 of 290978 Results