Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-53534

    RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-52237

    An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.... Read more

    Affected Products : sscms
    • Published: Aug. 05, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-52078

    File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload endpoint.... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-51541

    A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in the browser, ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-50592

    Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.... Read more

    Affected Products : seacms
    • Published: Aug. 05, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2014-125113

    An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2013-10070

    PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2013-10069

    The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker c... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2013-10068

    Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL ... Read more

    Affected Products : pdf_reader
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2013-10067

    Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2013-10066

    An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw ena... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2013-10065

    A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 9.3

    CRITICAL
    CVE-2013-10064

    A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2012-10035

    Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary c... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2012-10034

    ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outsi... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2012-10033

    Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This functi... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2012-10032

    Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. T... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2012-10031

    BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNam... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2012-10030

    FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, an... Read more

    Affected Products : freefloat_ftp_server
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2012-10029

    Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execut... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection
Showing 20 of 292819 Results