Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2022-4980

    General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL us... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2014-0764

    By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2014-0763

    An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action a... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Apr. 12, 2014
    • Modified: Sep. 19, 2025

  • 4.7

    MEDIUM
    CVE-2014-0762

    The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must be restarted m... Read more

    Affected Products : epaq-9410_substation_gateway
    • Published: Aug. 28, 2014
    • Modified: Sep. 19, 2025

  • 7.1

    HIGH
    CVE-2014-0761

    The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.... Read more

    Affected Products : epaq-9410_substation_gateway
    • Published: Aug. 28, 2014
    • Modified: Sep. 19, 2025

  • 6.9

    MEDIUM
    CVE-2014-0759

    Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space... Read more

    Affected Products : floating_license_manager
    • Published: Feb. 28, 2014
    • Modified: Sep. 19, 2025

  • 6.9

    MEDIUM
    CVE-2014-0755

    Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.... Read more

    • Published: Feb. 05, 2014
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-9644

    The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead o... Read more

    Affected Products : f3x36_firmware f3x36
    • Published: Feb. 04, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-57610

    A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force attacks on user accounts, significantly increasing the risk of account compromise and denial of service for legitimate users. The Supplier's position is th... Read more

    Affected Products : sylius
    • Published: Feb. 06, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-27145

    copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into c... Read more

    Affected Products : copyparty copyparty
    • Published: Feb. 25, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-12856

    The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the sy... Read more

    • Published: Dec. 27, 2024
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2023-5072

    Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.... Read more

    Affected Products : json-java json-java
    • Published: Oct. 12, 2023
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2022-45688

    A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.... Read more

    Affected Products : hutool json-java json-java
    • Published: Dec. 13, 2022
    • Modified: Sep. 19, 2025

  • 5.8

    MEDIUM
    CVE-2025-23041

    Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2... Read more

    Affected Products : umbraco_forms
    • Published: Jan. 14, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2024-46734

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the oth... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-50290

    In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR regis... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-35892

    In the Linux kernel, the following vulnerability has been resolved: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() is called with the qdisc lock held, not RTNL. We must use qdisc_lookup_rcu() instead of qdisc_lo... Read more

    Affected Products : linux_kernel
    • Published: May. 19, 2024
    • Modified: Sep. 19, 2025

  • 4.7

    MEDIUM
    CVE-2024-50294

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, t... Read more

    Affected Products : linux_kernel
    • Published: Nov. 19, 2024
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2024-50633

    A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentiona... Read more

    Affected Products : indico
    • Published: Jan. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2024-35842

    In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declare a `normal_link` (a non-SOF, direct link) string, an... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025
Showing 20 of 294835 Results