Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-30274

    The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption ...

    Affected Products : ace1000_firmware ace1000
    • EPSS Score: 0.16%
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-51840

    DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key....

    Affected Products : doracms
    • EPSS Score: 0.24%
    • Published: Jan. 29, 2024
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2023-20853

    aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary sy...

    Affected Products : a+hrd
    • EPSS Score: 0.48%
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38140

    The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user()....

    Affected Products : set_user
    • EPSS Score: 0.36%
    • Published: Aug. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-35138

    The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is...

    Affected Products : mobile@work
    • EPSS Score: 0.22%
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-38189

    An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands....

    Affected Products : lettre
    • EPSS Score: 0.48%
    • Published: Aug. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-13835

    An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020)....

    Affected Products : android
    • EPSS Score: 0.12%
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-30450

    A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php...

    Affected Products : waimairencms
    • EPSS Score: 11.07%
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-20951

    In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.P...

    Affected Products : android
    • EPSS Score: 1.12%
    • Published: Mar. 24, 2023
    • Modified: Feb. 25, 2025
  • 9.8

    CRITICAL
    CVE-2023-52026

    TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface...

    Affected Products : ex1800t_firmware ex1800t
    • EPSS Score: 3.09%
    • Published: Jan. 12, 2024
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2022-34993

    Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample....

    Affected Products : a3600r_firmware a3600r
    • EPSS Score: 0.44%
    • Published: Aug. 04, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-46793

    Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered ...

    Affected Products : online_matrimonial_project
    • EPSS Score: 0.15%
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-5988

    The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session....

    Affected Products : gs1900-10hp_firmware
    • EPSS Score: 0.51%
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025
  • 9.8

    CRITICAL
    CVE-2022-30490

    Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php....

    • EPSS Score: 0.25%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-6127

    BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshake...

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2023-21057

    In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitati...

    Affected Products : android
    • EPSS Score: 1.32%
    • Published: Mar. 24, 2023
    • Modified: Feb. 21, 2025
  • 9.8

    CRITICAL
    CVE-2021-38423

    All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow....

    Affected Products : gurumdds
    • EPSS Score: 0.17%
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-1010150

    zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php....

    Affected Products : zzcms
    • EPSS Score: 1.13%
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-35099

    TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth....

    Affected Products : lr350_firmware lr350
    • Published: May. 14, 2024
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-25530

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx....

    Affected Products : ruvaroa
    • Published: May. 08, 2024
    • Modified: Apr. 17, 2025
Showing 20 of 291541 Results