Latest CVE Feed
7.5 HIGH CVE-2013-10057
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec c...
- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Memory Corruption
9.3 CRITICAL CVE-2013-10055
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attac...
- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Authentication
8.7 HIGH CVE-2013-10053
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell...
- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Injection
9.3 CRITICAL CVE-2013-10051
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and ex...
- Affected Products: instantcms
- Published: Aug. 01, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Injection
8.7 HIGH CVE-2013-10050
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the ...
- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Injection
9.3 CRITICAL CVE-2013-10049
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize u...
- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
9.3 CRITICAL CVE-2013-10048
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending speciall...
- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Injection
9.3 CRITICAL CVE-2013-10047
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacke...
- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
8.5 HIGH CVE-2013-10046
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accept...
- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Authorization
8.7 HIGH CVE-2013-10044
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file u...
- Affected Products: openemr
- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
8.5 HIGH CVE-2012-10022
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user ...
- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
8.0 HIGH CVE-2025-8480
Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The ...
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Injection
7.4 HIGH CVE-2025-8477
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this v...
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
8.0 HIGH CVE-2025-8476
Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerab...
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Misconfiguration
7.4 HIGH CVE-2025-8475
Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to explo...
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
6.8 MEDIUM CVE-2025-8474
Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploi...
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
6.6 MEDIUM CVE-2025-8473
Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulne...
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Injection
7.4 HIGH CVE-2025-8472
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required ...
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption
6.8 MEDIUM CVE-2025-6037
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate). In t...
- Affected Products: vault
- Published: Aug. 01, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Authentication
5.7 MEDIUM CVE-2025-6015
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23....
- Affected Products: vault
- Published: Aug. 01, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Authentication