Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-30990

    SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows an attacker to execute arbitrary SQL commands via the "searchdata" parameter....

    Affected Products : client_management_system
    • Published: Apr. 17, 2024
    • Modified: Apr. 10, 2025
  • 9.8

    CRITICAL
    CVE-2021-37761

    Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution....

    Affected Products : manageengine_admanager_plus
    • EPSS Score: 37.38%
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-30949

    An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function....

    Affected Products : newlib
    • Published: Aug. 20, 2024
    • Modified: Aug. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-31022

    An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component....

    Affected Products : candycms candycms
    • Published: Apr. 08, 2024
    • Modified: May. 22, 2025
  • 9.8

    CRITICAL
    CVE-2014-8174

    eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files....

    Affected Products : edeploy
    • EPSS Score: 2.80%
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2021-29441

    Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce ...

    Affected Products : nacos
    • EPSS Score: 94.05%
    • Published: Apr. 27, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-30620

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan....

    Affected Products : ax1803_firmware ax1803
    • Published: Apr. 02, 2024
    • Modified: Mar. 25, 2025
  • 9.8

    CRITICAL
    CVE-2024-30595

    Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function....

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 28, 2024
    • Modified: Mar. 13, 2025
  • 9.8

    CRITICAL
    CVE-2024-30584

    Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function....

    Affected Products : fh1202_firmware fh1202
    • Published: Mar. 28, 2024
    • Modified: Mar. 13, 2025
  • 9.8

    CRITICAL
    CVE-2021-27378

    An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data....

    Affected Products : rand_core
    • EPSS Score: 0.47%
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-30564

    An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method....

    Affected Products :
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-21513

    Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploi...

    Affected Products : openmanage_server_administrator
    • EPSS Score: 0.50%
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8657

    An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin acc...

    Affected Products : eyesofnetwork
    • Actively Exploited
    • EPSS Score: 85.17%
    • Published: Feb. 06, 2020
    • Modified: Feb. 04, 2025
  • 9.8

    CRITICAL
    CVE-2020-4854

    IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM ...

    Affected Products : linux_kernel spectrum_protect_plus
    • EPSS Score: 0.23%
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-7200

    A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution....

    Affected Products : systems_insight_manager
    • EPSS Score: 83.78%
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-28653

    Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet....

    Affected Products : manageengine_opmanager
    • EPSS Score: 79.17%
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-30508

    Missing Authorization vulnerability in ThimPress WP Hotel Booking. This issue affects WP Hotel Booking: from n/a through 2.0.9.2. ...

    Affected Products : wp_hotel_booking
    • Published: Mar. 29, 2024
    • Modified: Feb. 11, 2025
  • 9.8

    CRITICAL
    CVE-2014-7859

    Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting m...

    • EPSS Score: 11.42%
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2019-8280

    UltraVNC revision 1203 has an out-of-bounds access vulnerability in the VNC client inside the RAW decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204....

    Affected Products : ultravnc
    • EPSS Score: 1.74%
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-8266

    UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via n...

    Affected Products : ultravnc
    • EPSS Score: 1.33%
    • Published: Mar. 08, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292425 Results