Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-45620

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1....

    • EPSS Score: 2.49%
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-6598

    Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."

    Affected Products : wanpipe
    • EPSS Score: 0.24%
    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6604

    Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.

    Affected Products : picoflat_cms
    • EPSS Score: 1.47%
    • Published: Apr. 04, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2021-46200

    An SQL Injection vulnerability exists in Sourcecodester Simple Music Cloud Community System 1.0 via the email parameter in /music/ajax.php.

    • EPSS Score: 0.33%
    • Published: Jan. 21, 2022
    • Modified: Dec. 27, 2024
  • 10.0

    HIGH
    CVE-2011-1519

    The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbit...

    Affected Products : lotus_domino
    • EPSS Score: 14.00%
    • Published: Mar. 25, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-4752

    IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for...

    • EPSS Score: 2.51%
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2023-6016

    An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature.

    Affected Products : h2o
    • EPSS Score: 73.64%
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-37112

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.

    Affected Products : wishlist_member
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1643

    Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecti...

    • EPSS Score: 1.17%
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2022-45822

    Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.

    Affected Products : advanced_booking_calendar
    • EPSS Score: 0.21%
    • Published: Dec. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-52218

    Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8.

    • EPSS Score: 0.63%
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-52221

    Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.

    • EPSS Score: 0.31%
    • Published: Jan. 24, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-5278

    Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, result...

    • EPSS Score: 9.73%
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2015-2608

    Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Perfor...

    Affected Products : communications_applications
    • EPSS Score: 2.47%
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2024-21576

    ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be trigge...

    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
  • 10.0

    CRITICAL
    CVE-2023-31273

    Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

    Affected Products : data_center_manager
    • EPSS Score: 0.36%
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-2227

    This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security...

    Affected Products : identityiq
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-7144

    Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME...

    Affected Products : winrar
    • EPSS Score: 1.13%
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2024-1651

    Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.

    Affected Products : torrentpier
    • Published: Feb. 20, 2024
    • Modified: Feb. 12, 2025
  • 10.0

    CRITICAL
    CVE-2024-25029

    IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to...

    Affected Products : personal_communications
    • Published: Apr. 06, 2024
    • Modified: May. 07, 2025