Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-42116

    Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The...

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025
  • 4.3

    MEDIUM
    CVE-2021-34751

    A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privi...

    • Published: Nov. 15, 2024
    • Modified: Aug. 07, 2025
  • 5.8

    MEDIUM
    CVE-2021-34753

    A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability ...

    • Published: Nov. 15, 2024
    • Modified: Aug. 07, 2025
  • 9.8

    CRITICAL
    CVE-2023-42115

    Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw ex...

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025
  • 7.2

    HIGH
    CVE-2024-5579

    Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerabi...

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Aug. 07, 2025
  • 7.5

    HIGH
    CVE-2025-52364

    Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device's shell over the network...

    Affected Products : cp3_pro_firmware cp3_pro
    • Published: Jul. 09, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.2

    HIGH
    CVE-2024-5580

    Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerabili...

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Aug. 07, 2025
  • 7.2

    HIGH
    CVE-2024-5581

    Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific f...

    Affected Products : allegra
    • Published: Nov. 22, 2024
    • Modified: Aug. 07, 2025
  • 4.6

    MEDIUM
    CVE-2025-52374

    Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections....

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography
  • 4.6

    MEDIUM
    CVE-2025-52373

    Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file....

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography
  • 5.0

    MEDIUM
    CVE-2025-44962

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files....

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal
  • 9.9

    CRITICAL
    CVE-2025-44961

    In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user....

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-44960

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route....

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-11612

    7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability b...

    Affected Products : 7-zip
    • Published: Nov. 22, 2024
    • Modified: Aug. 07, 2025
  • 8.8

    HIGH
    CVE-2025-44957

    Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers....

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-44650

    In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected....

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-44655

    In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal n...

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 3.9

    LOW
    CVE-2025-44657

    In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for i...

    Affected Products : ea6350_firmware ea6350
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-44658

    In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tr...

    Affected Products : rax30_firmware rax30
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-44651

    In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected....

    Affected Products : tpl-430ap_firmware tpl-430ap
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291358 Results