Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-53256

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection.This issue affects YaySMTP: from n/a through 2.6.5.... Read more

    Affected Products : yaysmtp
    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2014-0769

    The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a... Read more

    • Published: Apr. 25, 2014
    • Modified: Jul. 02, 2025

  • 9.3

    HIGH
    CVE-2014-0760

    The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or ca... Read more

    • Published: Apr. 25, 2014
    • Modified: Jul. 02, 2025

  • 10.0

    CRITICAL
    CVE-2012-6069

    The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. ... Read more

    Affected Products : codesys_runtime_system
    • Published: Jan. 21, 2013
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-36621

    moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.... Read more

    Affected Products : moby
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-36622

    In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.... Read more

    Affected Products : raspap raspap-webgui
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 8.1

    HIGH
    CVE-2024-36623

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.... Read more

    Affected Products : moby
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 7.5

    HIGH
    CVE-2024-31669

    rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide.... Read more

    Affected Products : rizin
    • Published: Dec. 02, 2024
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-45206

    A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 7.0

    HIGH
    CVE-2024-45207

    DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee... Read more

    Affected Products : veeam_agent_for_windows
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 8.0

    HIGH
    CVE-2024-50699

    TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jul. 02, 2025

  • 7.5

    HIGH
    CVE-2024-37377

    A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Dec. 12, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2025-1861

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the ... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-49177

    A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.... Read more

    • Published: Jun. 17, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    HIGH
    CVE-2012-6068

    The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener ... Read more

    Affected Products : codesys_runtime_system
    • Published: Jan. 21, 2013
    • Modified: Jul. 02, 2025

  • 7.3

    HIGH
    CVE-2025-1736

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lea... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-1734

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse ... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2024-8929

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of ... Read more

    Affected Products : php
    • Published: Nov. 22, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-8932

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.... Read more

    Affected Products : php ontap
    • Published: Nov. 22, 2024
    • Modified: Jul. 02, 2025

  • 7.5

    HIGH
    CVE-2024-37401

    An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Dec. 12, 2024
    • Modified: Jul. 02, 2025
Showing 20 of 293647 Results