Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-9078

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews v... Read more

    Affected Products : mattermost_server
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-35307

    Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Sep. 16, 2025

  • 8.8

    HIGH
    CVE-2024-12971

    Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 17, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12992

    Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 .... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 17, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-35306

    OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Sep. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-35305

    Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Sep. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-35304

    System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Sep. 16, 2025

  • 9.1

    CRITICAL
    CVE-2023-44092

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue aff... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 19, 2024
    • Modified: Sep. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-44091

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 19, 2024
    • Modified: Sep. 16, 2025

  • 6.8

    MEDIUM
    CVE-2023-44090

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pa... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 19, 2024
    • Modified: Sep. 16, 2025

  • 5.5

    MEDIUM
    CVE-2025-8746

    A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclose... Read more

    Affected Products : libopts
    • Published: Aug. 09, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-8751

    A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scriptin... Read more

    Affected Products : total_webshield
    • Published: Aug. 09, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8752

    A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. Th... Read more

    Affected Products : spring-shiro-training
    • Published: Aug. 09, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8773

    A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipulation of the argument userBean.loginN... Read more

    Affected Products : monitoring_platform
    • Published: Aug. 09, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-10536

    This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025

  • 8.8

    HIGH
    CVE-2025-10533

    This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025

  • 7.1

    HIGH
    CVE-2025-10527

    This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025

  • 7.5

    HIGH
    CVE-2008-20001

    activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the c... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2023-41793

    : Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Mar. 19, 2024
    • Modified: Sep. 16, 2025

  • 4.7

    MEDIUM
    CVE-2025-8774

    A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. L... Read more

    Affected Products : risvc-boom
    • Published: Aug. 09, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service
Showing 20 of 294454 Results