Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-13352

    WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset t... Read more

    Affected Products : cynap
    • EPSS Score: %1.04
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-2019

    Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.... Read more

    Affected Products : operations_agent
    • EPSS Score: %75.60
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-6651

    Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.... Read more

    Affected Products : oxybox
    • EPSS Score: %2.28
    • Published: Apr. 07, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-3605

    The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied param... Read more

    Affected Products : wp_hotel_booking
    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46422

    Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.... Read more

    Affected Products : sdt-cs3b1_firmware sdt-cs3b1
    • EPSS Score: %94.26
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2023-7220

    A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overfl... Read more

    Affected Products : nr1800x_firmware nr1800x
    • EPSS Score: %0.13
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-38366

    trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain M... Read more

    Affected Products : trunk.cocoapods.org
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-0001

    A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.... Read more

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 10.0

    CRITICAL
    CVE-2024-0520

    A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loadi... Read more

    Affected Products : mlflow
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3585

    redhat-upgrade-tool: Does not check GPG signatures when upgrading versions... Read more

    • EPSS Score: %0.20
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-1100

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through 2.23.5.... Read more

    Affected Products :
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-42450

    The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By d... Read more

    Affected Products : versa_director
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 10.0

    CRITICAL
    CVE-2024-43955

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.... Read more

    Affected Products : droip
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024

  • 10.0

    HIGH
    CVE-2017-8658

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".... Read more

    Affected Products : chakracore
    • EPSS Score: %36.01
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2022-21941

    All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.... Read more

    Affected Products : istar_ultra_firmware istar_ultra
    • EPSS Score: %4.29
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-7265

    Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).... Read more

    • EPSS Score: %29.80
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-3013

    WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session... Read more

    • EPSS Score: %0.63
    • Published: Sep. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-35186

    The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank p... Read more

    Affected Products : adminer
    • EPSS Score: %2.01
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35469

    The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : terracotta_server_oss
    • EPSS Score: %2.01
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-51551

    Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
Showing 20 of 292495 Results