Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2014-0773

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreatePro...

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 5.0

    MEDIUM
    CVE-2014-0772

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser sessio...

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 7.5

    HIGH
    CVE-2014-0771

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. Th...

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 7.5

    HIGH
    CVE-2014-0770

    By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely....

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 7.5

    HIGH
    CVE-2014-0768

    An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code....

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 7.5

    HIGH
    CVE-2014-0767

    An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely....

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 7.5

    HIGH
    CVE-2014-0766

    An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code....

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 7.5

    HIGH
    CVE-2014-0765

    To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely....

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025
  • 6.2

    MEDIUM
    CVE-2025-21041

    Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information....

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-21042

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code....

    Affected Products : android
    • Published: Sep. 12, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-10668

    A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file /members/compose_msg_admin.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from ...

    Affected Products : online_discussion_forum
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-10670

    A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_profile.php. Executing manipulation of the argument profile_id can lead to sql injection. It is p...

    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-21043

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code....

    Affected Products : android
    • Published: Sep. 12, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2024-47829

    pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the ...

    Affected Products : pnpm
    • Published: Apr. 23, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2024-56156

    Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lea...

    Affected Products : halo
    • Published: Apr. 25, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.0

    HIGH
    CVE-2025-58060

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the pass...

    Affected Products : cups cups
    • Published: Sep. 11, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2025-46720

    Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the ...

    Affected Products : keystone
    • Published: May. 05, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-58364

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a r...

    Affected Products : cups
    • Published: Sep. 11, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-47619

    syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should ...

    Affected Products : syslog-ng
    • Published: May. 07, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-57965

    In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a...

    Affected Products : axios
    • Published: Jan. 29, 2025
    • Modified: Sep. 19, 2025
Showing 20 of 294836 Results