Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.2

    CRITICAL
    CVE-2024-49360

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folde... Read more

    Affected Products : sandboxie sandboxie
    • Published: Nov. 29, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2025-46714

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extre... Read more

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-46713

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that wou... Read more

    Affected Products : sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-25412

    com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.... Read more

    Affected Products : gnuplot gnuplot
    • EPSS Score: %0.68
    • Published: Sep. 16, 2020
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2025-52361

    Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is execut... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2019-19144

    XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: XML External Entity

  • 6.1

    MEDIUM
    CVE-2024-20512

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface... Read more

    • Published: Oct. 16, 2024
    • Modified: Aug. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-52597

    2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allo... Read more

    Affected Products : 2fauth
    • Published: Nov. 20, 2024
    • Modified: Aug. 04, 2025

  • 8.1

    HIGH
    CVE-2025-54955

    OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT... Read more

    Affected Products : opennebula
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-54796

    Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This ... Read more

    Affected Products : copyparty
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Denial of Service

  • 9.4

    CRITICAL
    CVE-2025-54782

    Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a l... Read more

    Affected Products : nest
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2013-10053

    A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-52598

    2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview a... Read more

    Affected Products : 2fauth
    • Published: Nov. 20, 2024
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2025-6078

    Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScr... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-54792

    LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discover... Read more

    Affected Products : localsend
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 2.5

    LOW
    CVE-2024-13978

    A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereferen... Read more

    Affected Products : libtiff
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2013-10059

    An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2013-10055

    An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attac... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2013-10050

    An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the ... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2013-10048

    An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending speciall... Read more

    Affected Products : dir-300_firmware dir-600_firmware
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
Showing 20 of 291401 Results