Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2023-29130

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability l...

    Affected Products : simatic_cn_4100
    • EPSS Score: 0.20%
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-3811

    Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to...

    Affected Products : ip_office_customer_call_reporter
    • EPSS Score: 77.37%
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2021-27446

    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system....

    • EPSS Score: 0.28%
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-6071

    PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server....

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-27474

    Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre....

    Affected Products : factorytalk_assetcentre
    • EPSS Score: 0.09%
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0621

    Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration ch...

    Affected Products : ace_4710
    • EPSS Score: 0.46%
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-34157

    Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app....

    Affected Products : harmonyos
    • EPSS Score: 0.04%
    • Published: Jun. 16, 2023
    • Modified: Dec. 17, 2024
  • 10.0

    CRITICAL
    CVE-2021-27460

    Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthen...

    Affected Products : factorytalk_assetcentre
    • EPSS Score: 0.29%
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-6917

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2....

    Affected Products : order_management
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024
  • 10.0

    HIGH
    CVE-2009-0721

    Unspecified vulnerability in Easy Login in the Sender module in HP Remote Graphics Software (RGS) 4.0.0 through 5.2.4 allows remote attackers to execute arbitrary code via unknown vectors....

    Affected Products : remote_graphics_software
    • EPSS Score: 8.20%
    • Published: May. 18, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2024-56731

    Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can exec...

    Affected Products : gogs
    • Published: Jun. 24, 2025
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2024-39754

    A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability....

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2024-39608

    A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerabili...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2024-36258

    A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2024-34166

    An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request ...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2024-36290

    A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trig...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2025-34158

    Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and...

    Affected Products : media_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
  • 10.0

    CRITICAL
    CVE-2025-53187

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ASPECT. This issue affects ASPECT: before <3.08.04-s01....

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2024-32741

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default. An attacker who manages to crack...

    • Published: May. 14, 2024
    • Modified: Aug. 21, 2025
  • 10.0

    CRITICAL
    CVE-2025-48148

    Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4....

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
Showing 20 of 290974 Results