Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, whether it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2016-2362

    Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection....

    Affected Products : fonality
    • Published: Jun. 20, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2022-42150

    TinyLab linux-lab v1.1-rc1 and cloud-lab v0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape....

    Affected Products : cloud_lab linux_lab
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1216

    A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for ...

    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2720

    Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-20...

    Affected Products : acrobat acrobat_reader
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2022-3703

    The web portal of all versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device....

    • Published: Nov. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-4024

    Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter...

    Affected Products : pear pear
    • Published: Nov. 29, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2015-7641

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0....

    • Published: Oct. 18, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2022-37968

    Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over th...

    • Published: Oct. 11, 2022
    • Modified: Jan. 02, 2025
  • 10.0

    HIGH
    CVE-2011-0496

    Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "d...

    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2022-36648

    The hardware emulation in the of_dpa_cmd_add_l2_flood of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. No...

    Affected Products : qemu
    • Published: Aug. 22, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-5118

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename....

    • Published: Jun. 10, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2022-36067

    vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulner...

    Affected Products : vm2
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-36331

    Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25....

    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-7003

    A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Contro...

    Affected Products : control_manager
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-35978

    Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session ...

    Affected Products : minetest
    • Published: Aug. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-35698

    Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execu...

    • Published: Oct. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9054

    Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NA...

    • Actively Exploited
    • Published: Mar. 04, 2020
    • Modified: Mar. 21, 2025
  • 10.0

    HIGH
    CVE-2016-6138

    Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591....

    Affected Products : trex
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-15610

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When par...

    Affected Products : webpanel
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-33207

    Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An att...

    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293353 Results