Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2022-30912

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39274

    In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution wit... Read more

    Affected Products : sn1per
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6298

    Remote code execution in Hanwha Techwin Smartcams... Read more

    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46007

    totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.... Read more

    Affected Products : ar3100r_firmware ar3100r
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-40519

    Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.... Read more

    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-23924

    Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker c... Read more

    Affected Products : dompdf
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-38650

    A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with t... Read more

    Affected Products : hyperic_server
    • Published: Nov. 12, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-42497

    Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.... Read more

    Affected Products : api2cart_bridge_connector
    • Published: Nov. 18, 2022
    • Modified: Feb. 20, 2025

  • 10.0

    HIGH
    CVE-2016-1998

    HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.... Read more

    Affected Products : service_manager
    • Published: Mar. 22, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-24054

    The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only take... Read more

    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-24186

    A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.... Read more

    Affected Products : wpdiscuz
    • Published: Aug. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-46161

    pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the contex... Read more

    Affected Products : pdfmake
    • Published: Dec. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-29978

    Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3.... Read more

    Affected Products : vpn mozilla_vpn
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3159

    Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227.... Read more

    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-21903

    A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send ... Read more

    Affected Products : ic_module_cma
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-21940

    A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger t... Read more

    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-22667

    BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior)... Read more

    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-8327

    A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.... Read more

    • Published: Jul. 11, 2018
    • Modified: Jul. 16, 2025

  • 10.0

    HIGH
    CVE-2020-15477

    The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.... Read more

    Affected Products : raspberrytortoise
    • Published: Jul. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-2248

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoc... Read more

    Affected Products : secure_global_desktop
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292768 Results