Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-42784

    OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request....

    Affected Products : dwr-932c_e1_firmware dwr-932c
    • EPSS Score: %3.92
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-5802

    A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found....

    Affected Products : vertica
    • EPSS Score: %2.25
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-43130

    An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php....

    • EPSS Score: %0.33
    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-38513

    Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before ...

    • EPSS Score: %0.32
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44159

    4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny o...

    Affected Products : gcb_doctor
    • EPSS Score: %4.76
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-6213

    In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account....

    • EPSS Score: %3.10
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30921

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm....

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30923

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm....

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-39658

    ismsEx service is a vendor service in unisoc equipment. ismsEx service is an extension of sms system service, but it does not check the permissions of the caller, resulting in permission leaks. Third-party apps can use this service to arbitrarily modify and s...

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-1505

    The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore....

    Affected Products : windows radicale
    • EPSS Score: %1.35
    • Published: Feb. 03, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2022-31209

    An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand....

    Affected Products : iray-a8z3_firmware iray-a8z3
    • EPSS Score: %1.04
    • Published: Jul. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-4557

    Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary cod...

    • EPSS Score: %32.32
    • Published: Dec. 17, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-31479

    An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501...

    • EPSS Score: %6.94
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45742

    TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter....

    Affected Products : a720r_firmware a720r
    • EPSS Score: %20.32
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-31801

    An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device....

    Affected Products : multiprog proconos proconos_eclr
    • EPSS Score: %0.68
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-5446

    The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors....

    • EPSS Score: %0.47
    • Published: Oct. 22, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2022-32773

    An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payloa...

    • EPSS Score: %0.32
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15922

    There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required....

    Affected Products : eframework
    • EPSS Score: %79.17
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-19069

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is autho...

    • EPSS Score: %1.22
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20623

    Video Insight VMS versions prior to 7.8 allow a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request....

    Affected Products : video_insight_vms
    • EPSS Score: %2.08
    • Published: Feb. 05, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290981 Results