Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-15887

    An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.... Read more

    Affected Products : carddav_server
    • EPSS Score: %0.56
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-43206

    D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.... Read more

    Affected Products : dwl-6610ap_firmware dwl-6610ap
    • EPSS Score: %1.61
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-16714

    In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.... Read more

    • EPSS Score: %2.45
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-22581

    White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).... Read more

    • EPSS Score: %0.10
    • Published: Apr. 24, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-19319

    Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.... Read more

    Affected Products : dir-619l_firmware dir-619l
    • EPSS Score: %0.44
    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34442

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to ... Read more

    • EPSS Score: %0.06
    • Published: Jan. 18, 2023
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7806

    Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : form_manager
    • EPSS Score: %13.87
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-20166

    Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.... Read more

    Affected Products : ecto
    • EPSS Score: %0.12
    • Published: Jan. 10, 2023
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-33265

    Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.... Read more

    • EPSS Score: %0.11
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2014-125029

    A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql inje... Read more

    Affected Products : paginationserviceprovider
    • EPSS Score: %0.06
    • Published: Jan. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-24795

    Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.... Read more

    Affected Products : jhr-n916r_firmware jhr-n916r
    • EPSS Score: %0.11
    • Published: Mar. 16, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-1152

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93.... Read more

    Affected Products : persolus
    • EPSS Score: %0.06
    • Published: Mar. 17, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2020-18753

    An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.... Read more

    Affected Products : mac1100_plc_firmware mac1100_plc
    • EPSS Score: %0.14
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-28801

    An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.This issue affects Admin UI: from 6.2 before 6.2r. ... Read more

    • EPSS Score: %0.04
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40837

    Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD5... Read more

    Affected Products : ac6_firmware ac6
    • EPSS Score: %0.11
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-40764

    User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.... Read more

    Affected Products : car_rental_script
    • EPSS Score: %0.11
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-38027

    SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt ser... Read more

    Affected Products : sense_firmware sense
    • EPSS Score: %1.66
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-31447

    user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.... Read more

    • EPSS Score: %0.24
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-26469

    In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.... Read more

    Affected Products : jorani
    • EPSS Score: %93.44
    • Published: Aug. 17, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-7214

    An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account pas... Read more

    Affected Products : nova
    • EPSS Score: %1.30
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291150 Results