Latest CVE Feed
- CVE-2025-50592 (5.4 MEDIUM)
  Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player....
  Affected Products: seacms
  - Published: Aug. 05, 2025
  - Modified: Aug. 15, 2025
- CVE-2014-125113 (9.3 CRITICAL)
  An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary ...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 05, 2025
- CVE-2013-10070 (10.0 CRITICAL)
  PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025
- CVE-2013-10069 (10.0 CRITICAL)
  The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker c...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 06, 2025
- CVE-2013-10068 (9.4 CRITICAL)
  Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL ...
  Affected Products: pdf_reader
  - Published: Aug. 05, 2025
  - Modified: Aug. 05, 2025
- CVE-2013-10067 (9.4 CRITICAL)
  Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the ...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 06, 2025
- CVE-2013-10066 (10.0 CRITICAL)
  An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw ena...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025
- CVE-2013-10065 (8.7 HIGH)
  A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025
- CVE-2013-10064 (9.3 CRITICAL)
  A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this ...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 05, 2025
- CVE-2012-10035 (10.0 CRITICAL)
  Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary c...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025
- CVE-2012-10034 (8.7 HIGH)
  ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outsi...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 06, 2025
- CVE-2012-10033 (9.3 CRITICAL)
  Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This functi...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 06, 2025
- CVE-2012-10032 (8.7 HIGH)
  Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. T...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025
- CVE-2012-10031 (8.6 HIGH)
  BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNam...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 05, 2025
- CVE-2012-10030 (9.3 CRITICAL)
  FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, an...
  Affected Products: freefloat_ftp_server
  - Published: Aug. 05, 2025
  - Modified: Aug. 06, 2025
- CVE-2012-10029 (8.6 HIGH)
  Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execut...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 06, 2025
- CVE-2012-10028 (8.6 HIGH)
  Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code ...
  Affected Products: surgeftp
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025
- CVE-2012-10027 (9.3 CRITICAL)
  WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, lead...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 06, 2025
- CVE-2012-10026 (10.0 CRITICAL)
  The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025
- CVE-2012-10025 (10.0 CRITICAL)
  The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated...
  Affected Products:
  - Published: Aug. 05, 2025
  - Modified: Aug. 07, 2025