Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-2003

    Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved ... Read more

    Affected Products : vision1210_firmware vision1210
    • EPSS Score: %0.27
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5284

    ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.... Read more

    Affected Products : freeipa
    • EPSS Score: %0.30
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15580

    osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .htm... Read more

    Affected Products : osticket
    • EPSS Score: %38.44
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-39226

    GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerabilit... Read more

    • Published: Aug. 06, 2024
    • Modified: Nov. 12, 2024

  • 9.8

    CRITICAL
    CVE-2021-1141

    Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the De... Read more

    • EPSS Score: %5.28
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-1343

    PAM exposure enabling unauthenticated access to remote host... Read more

    Affected Products : privileged_account_manager
    • EPSS Score: %0.47
    • Published: Mar. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-5376

    SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.... Read more

    Affected Products : winpat_portal
    • EPSS Score: %0.42
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-0658

    The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthentica... Read more

    Affected Products : commonsbooking
    • EPSS Score: %44.43
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24142

    TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • EPSS Score: %1.45
    • Published: Feb. 03, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-51425

    Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. ... Read more

    Affected Products : rencontre
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-25110

    An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly R... Read more

    Affected Products : nut\/os
    • EPSS Score: %16.48
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-2027

    The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it... Read more

    Affected Products : zm_ajax_login_\&_register
    • EPSS Score: %0.25
    • Published: Apr. 15, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-5119

    A vulnerability was found in SourceCodester Event Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=load_registration. The manipulation of the argument last_id/event_id leads t... Read more

    • Published: May. 20, 2024
    • Modified: Feb. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-0293

    A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command in... Read more

    Affected Products : lr1200gb_firmware lr1200gb
    • EPSS Score: %2.75
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-6407

    CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.... Read more

    Affected Products : whc-5918a_firmware whc-5918a
    • Published: Jul. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29904

    The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.... Read more

    Affected Products : mediawiki
    • EPSS Score: %1.00
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5076

    An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs... Read more

    Affected Products : imagegear
    • EPSS Score: %2.25
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-46322

    iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.... Read more

    Affected Products : iterm2
    • EPSS Score: %0.34
    • Published: Oct. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-13392

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the rou... Read more

    • EPSS Score: %2.15
    • Published: May. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-6017

    Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memor... Read more

    Affected Products : game_networking_sockets
    • EPSS Score: %5.66
    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results