Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2020-36565

    Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.... Read more

    Affected Products : windows echo
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 7.8

    HIGH
    CVE-2019-16905

    OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution beca... Read more

    • Published: Oct. 09, 2019
    • Modified: Apr. 23, 2025

  • 10.0

    CRITICAL
    CVE-2015-8104

    The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.... Read more

    • Published: Nov. 16, 2015
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2009-3791

    Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors.... Read more

    Affected Products : flash_media_server
    • Published: Dec. 21, 2009
    • Modified: Apr. 23, 2025

  • 7.8

    HIGH
    CVE-2009-2541

    The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.... Read more

    Affected Products : playstation_3
    • Published: Jul. 20, 2009
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2008-2991

    Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.... Read more

    Affected Products : robohelp_server
    • Published: Jul. 09, 2008
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2008-0642

    Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : robohelp
    • Published: Feb. 15, 2008
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2001-0827

    Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.... Read more

    Affected Products : ceberus_ftp_server
    • Published: Dec. 06, 2001
    • Modified: Apr. 23, 2025

  • 5.5

    MEDIUM
    CVE-2025-30305

    XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue re... Read more

    • Published: Apr. 08, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-43014

    In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation... Read more

    Affected Products : toolbox
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2024-40507

    Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function.... Read more

    Affected Products : openpetra
    • Published: Sep. 26, 2024
    • Modified: Apr. 23, 2025

  • 7.3

    HIGH
    CVE-2024-40508

    Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function.... Read more

    Affected Products : openpetra
    • Published: Sep. 26, 2024
    • Modified: Apr. 23, 2025

  • 7.3

    HIGH
    CVE-2024-40511

    Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function.... Read more

    Affected Products : openpetra
    • Published: Sep. 27, 2024
    • Modified: Apr. 23, 2025

  • 7.3

    HIGH
    CVE-2024-40512

    Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function.... Read more

    Affected Products : openpetra
    • Published: Sep. 27, 2024
    • Modified: Apr. 23, 2025

  • 7.3

    HIGH
    CVE-2024-40506

    Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function.... Read more

    Affected Products : openpetra
    • Published: Sep. 26, 2024
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-3679

    A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exp... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-3163

    A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the ... Read more

    Affected Products : lmdeploy
    • Published: Apr. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-43013

    In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible... Read more

    Affected Products : toolbox
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-42921

    In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin... Read more

    Affected Products : toolbox
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-3164

    A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Han... Read more

    Affected Products : supersonic
    • Published: Apr. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection
Showing 20 of 293608 Results