Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-22473

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potential... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-22472

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potential... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2024-48828

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-48017

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potenti... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2024-48015

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentia... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-22474

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.8

    HIGH
    CVE-2024-48830

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potential... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-48013

    Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Ele... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2024-48831

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.... Read more

    Affected Products : smartfabric_os10
    • Published: Mar. 17, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2023-50805

    A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 911... Read more

    • Published: Jul. 09, 2024
    • Modified: Jul. 14, 2025

  • 9.0

    CRITICAL
    CVE-2024-29855

    Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator... Read more

    Affected Products : recovery_orchestrator
    • Published: Jun. 11, 2024
    • Modified: Jul. 14, 2025

  • 7.5

    HIGH
    CVE-2024-9437

    SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request cau... Read more

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-9439

    SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability ... Read more

    Affected Products : superagi
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2025-2251

    A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allow... Read more

    Affected Products : undertow
    • Published: Apr. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-2744

    A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the arg... Read more

    Affected Products : ruoyi-vue-pro ruoyi-vue-pro
    • Published: Mar. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-3618

    A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on th... Read more

    Affected Products : thinmanager
    • Published: Apr. 15, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2025-3617

    A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. ... Read more

    Affected Products : thinmanager
    • Published: Apr. 15, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-6436

    Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-6435

    If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vu... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-6434

    The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability ... Read more

    Affected Products : firefox thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291712 Results