Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-20020

    A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.... Read more

    Affected Products : global_management_system
    • EPSS Score: %2.38
    • Published: Apr. 10, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-0444

    HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : solaris operations_agent
    • EPSS Score: %6.43
    • Published: Feb. 09, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-10271

    MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ... Read more

    • EPSS Score: %0.44
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26887

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system ... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.40
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28581

    It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %20.86
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-36010

    This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). T... Read more

    Affected Products : react_editable_json_tree
    • EPSS Score: %0.49
    • Published: Aug. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-3718

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : magento
    • EPSS Score: %8.70
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-32535

    The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.... Read more

    Affected Products : pra-es8p2s_firmware pra-es8p2s
    • EPSS Score: %0.28
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-32548

    An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.... Read more

    • EPSS Score: %62.78
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-14451

    An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote ... Read more

    Affected Products : ethereum
    • EPSS Score: %2.65
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28910

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %11.61
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1255

    The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.... Read more

    Affected Products : p-660hw
    • EPSS Score: %0.34
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2021-36582

    In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply trigge... Read more

    Affected Products : kooboo_cms
    • EPSS Score: %0.43
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-41299

    ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.... Read more

    • EPSS Score: %1.19
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-38490

    Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or... Read more

    Affected Products : kirby
    • EPSS Score: %18.07
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-7268

    Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.... Read more

    • EPSS Score: %3.49
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-6500

    The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for W... Read more

    Affected Products :
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 10.0

    HIGH
    CVE-2021-46309

    An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.... Read more

    • EPSS Score: %0.33
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-15751

    An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PH... Read more

    Affected Products : sitos_six
    • EPSS Score: %7.92
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-15130

    The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST r... Read more

    Affected Products : humatrix_7
    • EPSS Score: %4.63
    • Published: Aug. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results