Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-47407

    A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.

    Affected Products : mypro
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024
  • 10.0

    HIGH
    CVE-2008-1989

    PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

    Affected Products : e107 123_flash_chat_module
    • EPSS Score: %1.80
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-5768

    A remote, unauthenticated attacker can gain remote code execution on the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.

    Affected Products : ac15_firmware ac15_firmware ac15
    • EPSS Score: %2.35
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5779

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and the...

    Affected Products : connect_onsite st14.2
    • EPSS Score: %2.24
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-49291

    Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0.

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024
  • 10.0

    CRITICAL
    CVE-2024-49324

    Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server. This issue affects Sovratec Case Management: from n/a through 1.0.0.

    Affected Products : sovratec_case_management
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024
  • 10.0

    CRITICAL
    CVE-2021-40419

    A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulne...

    Affected Products : rlc-410w_firmware rlc-410w
    • EPSS Score: %0.51
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-31819

    In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.

    Affected Products : halibut
    • EPSS Score: %1.38
    • Published: Sep. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-2775

    AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.

    Affected Products : live_support
    • EPSS Score: %3.30
    • Published: May. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-4465

    Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer er...

    Affected Products : terminal_server
    • EPSS Score: %26.53
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2022-25417

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.41
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25428

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25441

    Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.

    Affected Products : ac9_firmware ac9
    • EPSS Score: %15.92
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-54085

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: Jun. 27, 2025
  • 10.0

    HIGH
    CVE-2007-2985

    Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload a...

    Affected Products : pheap
    • EPSS Score: %3.84
    • Published: Jun. 01, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-14100

    In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.

    Affected Products : r3600_firmware r3600
    • EPSS Score: %1.84
    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17181

    A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.

    Affected Products : intrasrv
    • EPSS Score: %1.86
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29381

    An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the C...

    • EPSS Score: %2.70
    • Published: Nov. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-9682

    The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

    Affected Products : node-dns-sync dns-sync
    • EPSS Score: %1.04
    • Published: Feb. 28, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2022-30422

    Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter.

    Affected Products : planet_time_enterprise
    • EPSS Score: %11.65
    • Published: Jun. 17, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results