Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2013-5946

    The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B...

    • EPSS Score: 6.25%
    • Published: Dec. 19, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-15859

    Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI....

    Affected Products : diris_a-40_firmware diris_a-40
    • EPSS Score: 75.72%
    • Published: Oct. 09, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-7198

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123....

    Affected Products : websphere_application_server racf
    • EPSS Score: 1.09%
    • Published: Apr. 30, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-14009

    Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689....

    Affected Products : codiad
    • EPSS Score: 55.16%
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-1376

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system ...

    Affected Products : diaenergie
    • EPSS Score: 0.22%
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-38516

    Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 befor...

    • EPSS Score: 0.44%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-38528

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56....

    • EPSS Score: 2.93%
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-6861

    Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp....

    Affected Products : spooky_login
    • EPSS Score: 0.29%
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-29325

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter....

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: 1.50%
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-7876

    Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via ...

    • EPSS Score: 25.21%
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2006-5809

    Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors....

    Affected Products : ovbb
    • EPSS Score: 0.39%
    • Published: Nov. 08, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-5980

    adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details ar...

    Affected Products : netjetserver
    • EPSS Score: 2.04%
    • Published: Nov. 20, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-14072

    An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts....

    Affected Products : mk-auth
    • EPSS Score: 2.75%
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-16730

    processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user....

    • EPSS Score: 3.27%
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-4879

    The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a de...

    • EPSS Score: 0.63%
    • Published: Sep. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-1469

    IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605....

    Affected Products : api_connect
    • EPSS Score: 0.47%
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14706

    System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request....

    Affected Products : 5n2_firmware 5n2
    • EPSS Score: 63.86%
    • Published: Dec. 03, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-5309

    GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors....

    Affected Products : cadstream_server_firmware
    • EPSS Score: 0.57%
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-9727

    AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm....

    Affected Products : fritz\!box
    • EPSS Score: 87.55%
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-17059

    A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles....

    Affected Products : cyberoamos cyberoam
    • EPSS Score: 5.58%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290955 Results