Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2014-0758

    An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.... Read more

    Affected Products : genesis32
    • EPSS Score: %0.64
    • Published: Feb. 24, 2014
    • Modified: Aug. 22, 2025

  • 7.1

    HIGH
    CVE-2014-0757

    Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.... Read more

    Affected Products : codesys_runtime_toolkit
    • EPSS Score: %0.90
    • Published: Jan. 31, 2014
    • Modified: Aug. 22, 2025

  • 7.5

    HIGH
    CVE-2014-0752

    The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.... Read more

    Affected Products : integraxor
    • EPSS Score: %0.65
    • Published: Jan. 09, 2014
    • Modified: Aug. 22, 2025

  • 7.5

    HIGH
    CVE-2014-0751

    The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious f... Read more

    • EPSS Score: %1.48
    • Published: Jan. 25, 2014
    • Modified: Aug. 22, 2025

  • 7.5

    HIGH
    CVE-2014-0750

    Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code ... Read more

    • EPSS Score: %37.56
    • Published: Jan. 25, 2014
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-9139

    A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be p... Read more

    Affected Products : scada-lts
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2025-55742

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This... Read more

    Affected Products : unopim
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-55743

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an... Read more

    Affected Products : unopim
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-55744

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.... Read more

    Affected Products : unopim
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.2

    HIGH
    CVE-2025-57764

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cargos.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in... Read more

    Affected Products : wegia
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 8.2

    HIGH
    CVE-2025-57765

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the pre_cadastro_adotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malic... Read more

    Affected Products : wegia
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47054

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the co... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8611

    AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to ex... Read more

    Affected Products : cyber_backup
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-13144

    A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-i... Read more

    Affected Products : my-blog my-blog
    • Published: Jan. 06, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-13145

    A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument fil... Read more

    Affected Products : my-blog my-blog
    • Published: Jan. 06, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-13195

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-13196

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulatio... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13197

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads t... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-13210

    A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The ma... Read more

    Affected Products : bookstore
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-13454

    Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3... Read more

    Affected Products : easy-rsa
    • Published: Jan. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cryptography
Showing 20 of 291617 Results