Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2010-4727

    Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : smarty
    • Published: Feb. 03, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-4733

    WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain ... Read more

    • Published: Feb. 15, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-20269

    A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.... Read more

    Affected Products : caret
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-4663

    Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.... Read more

    Affected Products : cms_made_simple
    • Published: Jun. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2018-6667

    Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).... Read more

    Affected Products : mcafee_web_gateway
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2994

    Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).... Read more

    Affected Products : web_vulnerability_scanner
    • Published: Apr. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2023-29131

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.... Read more

    Affected Products : simatic_cn_4100
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-21244

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3... Read more

    Affected Products : onedev
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-24646

    A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).... Read more

    Affected Products : intelligent_management_center
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-5129

    A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in... Read more

    Affected Products : youphptube youphptube_encoder
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-43931

    Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : vpn_plus_server router_manager
    • Published: Jan. 03, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-35189

    Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. ... Read more

    Affected Products : scrutisweb
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-6238

    Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a... Read more

    Affected Products : quicktime
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-3703

    Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials... Read more

    • Published: Sep. 03, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-1968

    Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.... Read more

    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-41721

    Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by ... Read more

    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-2306

    Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records. ... Read more

    Affected Products : nicevision
    • Published: Oct. 05, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-4309

    Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend dat... Read more

    Affected Products : internet_election_service
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-24813

    Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `... Read more

    Affected Products : dompdf
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-29384

    Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. ... Read more

    Affected Products : jobwp
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292862 Results