Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-12574

    An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized ac...

    Affected Products : cs-w50hd_firmware cs-w50hd
    • EPSS Score: 0.42%
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-30247

    NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security miscon...

    Affected Products : nextcloudpi
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025
  • 10.0

    HIGH
    CVE-2006-3203

    The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.

    Affected Products : ultimate_php_board
    • EPSS Score: 1.24%
    • Published: Jun. 24, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2022-25880

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comma...

    Affected Products : diaenergie
    • EPSS Score: 0.22%
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2001-0192

    Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions.

    Affected Products : xmail
    • EPSS Score: 5.00%
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-1010

    Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

    Affected Products : solaris openbsd linux
    • EPSS Score: 2.32%
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0147

    Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.

    Affected Products : windows_2000
    • EPSS Score: 13.87%
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2007-1722

    Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument.

    Affected Products : skcommax_activex_control
    • EPSS Score: 3.15%
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2024-50493

    Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server. This issue affects Automatic Translation: from n/a through 1.0.4.

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024
  • 10.0

    HIGH
    CVE-2019-10581

    NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

    • EPSS Score: 0.31%
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-1397

    Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.

    Affected Products : fish
    • EPSS Score: 33.68%
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-3346

    Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure...

    Affected Products : crystal_reports_server
    • EPSS Score: 4.07%
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-1999-0760

    Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

    Affected Products : coldfusion_server
    • EPSS Score: 0.45%
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2006-0874

    Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (f...

    Affected Products : iuser_ecommerce
    • EPSS Score: 0.43%
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2006-2074

    Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite.

    Affected Products : junose
    • EPSS Score: 1.29%
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2024-50420

    Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server. This issue affects aDirectory: from n/a through 1.3.

    Affected Products : adirectory
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024
  • 10.0

    HIGH
    CVE-2019-10850

    Computrols CBAS 18.0.0 has Default Credentials.

    • EPSS Score: 0.39%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-9953

    An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.

    Affected Products : android
    • EPSS Score: 0.58%
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-8423

    Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

    Affected Products : vap2500_firmware
    • EPSS Score: 31.09%
    • Published: Nov. 28, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2006-5026

    Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors.

    Affected Products : simple_http_scanner
    • EPSS Score: 0.39%
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 290958 Results