Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2021-42017

    A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCO... Read more

    • EPSS Score: %0.09
    • Published: Mar. 08, 2022
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2021-42016

    A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCO... Read more

    • EPSS Score: %0.14
    • Published: Mar. 08, 2022
    • Modified: Aug. 12, 2025

  • 6.7

    MEDIUM
    CVE-2021-37209

    A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200... Read more

    • EPSS Score: %0.09
    • Published: Mar. 08, 2022
    • Modified: Aug. 12, 2025

  • 9.6

    CRITICAL
    CVE-2021-37208

    A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM... Read more

    • EPSS Score: %0.58
    • Published: Mar. 08, 2022
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2017-12736

    After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrati... Read more

    • EPSS Score: %0.28
    • Published: Dec. 26, 2017
    • Modified: Aug. 12, 2025

  • 7.4

    HIGH
    CVE-2025-5024

    A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also re... Read more

    • Published: May. 22, 2025
    • Modified: Aug. 12, 2025

  • 9.8

    CRITICAL
    CVE-2025-47580

    Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32.... Read more

    Affected Products : front_end_users
    • Published: May. 15, 2025
    • Modified: Aug. 12, 2025

  • 9.8

    CRITICAL
    CVE-2025-47445

    Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26.... Read more

    Affected Products : eventin
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-4520

    The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : uncanny_automator
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025

  • 9.1

    CRITICAL
    CVE-2025-3623

    The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticate... Read more

    Affected Products : uncanny_automator
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2025-1137

    IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.... Read more

    • Published: May. 10, 2025
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-4166

    Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vu... Read more

    Affected Products : vault
    • Published: May. 02, 2025
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2025-3879

    Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault E... Read more

    Affected Products : vault
    • Published: May. 02, 2025
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-52081

    In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.... Read more

    Affected Products : xr300_firmware xr300
    • Published: Jul. 15, 2025
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2024-52903

    IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.... Read more

    Affected Products : linux_kernel db2 windows unix
    • Published: May. 01, 2025
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2024-43223

    Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.... Read more

    Affected Products : eventprime eventprime
    • Published: Nov. 01, 2024
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2024-4361

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on use... Read more

    Affected Products : page_builder
    • Published: May. 21, 2024
    • Modified: Aug. 12, 2025

  • 8.4

    HIGH
    CVE-2025-8854

    Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 9.0

    HIGH
    CVE-2025-8833

    A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stac... Read more

    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 9.0

    HIGH
    CVE-2025-8832

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffe... Read more

    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025
Showing 20 of 290990 Results