Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-8738

    A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information dis... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 5.1

    MEDIUM
    CVE-2025-8737

    A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. This affects the function onLogoutSuccess of the file src/main/java/com/central/oauth/handler/OauthLogoutSuccessHandler.java. The manipulation o... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 5.3

    MEDIUM
    CVE-2025-8736

    A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach ... Read more

    Affected Products : cflow
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 4.8

    MEDIUM
    CVE-2025-8735

    A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached loc... Read more

    Affected Products : cflow
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 8.8

    HIGH
    CVE-2025-4796

    The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details lik... Read more

    Affected Products : eventin
    • Published: Aug. 08, 2025
    • Modified: Aug. 13, 2025

  • 9.3

    CRITICAL
    CVE-2012-10053

    Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, lea... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10052

    EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 8.4

    HIGH
    CVE-2012-10051

    Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly valida... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10050

    CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitra... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10049

    WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 8.7

    HIGH
    CVE-2012-10048

    Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary command... Read more

    Affected Products : zenoss_core
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 10.0

    CRITICAL
    CVE-2012-10047

    Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This ... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10046

    The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10045

    XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file typ... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 10.0

    CRITICAL
    CVE-2012-10044

    MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthentic... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10043

    A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp fil... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 8.7

    HIGH
    CVE-2012-10042

    Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials (admin:secret) and allows authenticated users to upload files via manage.php. The upload mechanis... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10041

    WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2012-10036

    Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, allowing remote attackers to upload malicious PHP files ... Read more

    Affected Products : projectpier
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.3

    CRITICAL
    CVE-2010-10013

    An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied i... Read more

    Affected Products : ajaxplorer
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
Showing 20 of 290954 Results