Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2023-42454

    SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the `sqlpage/sqlpage.json` configuration file (not in an environment variable)...

    Affected Products : sqlpage
    • EPSS Score: %0.10
    • Published: Sep. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-1381

    Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors....

    Affected Products : android netease_cloudalbum
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2020-26824

    SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service...

    Affected Products : solution_manager
    • EPSS Score: %0.81
    • Published: Nov. 10, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0119

    Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file....

    Affected Products : windows_xp
    • EPSS Score: %29.15
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-5822

    Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a differ...

    • EPSS Score: %38.66
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-46731

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with rea...

    Affected Products : xwiki
    • EPSS Score: %57.46
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-27482

    homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use th...

    Affected Products : home-assistant supervisor
    • EPSS Score: %87.09
    • Published: Mar. 08, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15607

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When p...

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-27555

    Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user....

    • EPSS Score: %2.67
    • Published: Nov. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-24022

    Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the f...

    • EPSS Score: %0.72
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-24148

    A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address....

    Affected Products : mstore_api
    • EPSS Score: %5.63
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-27976

    osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option....

    Affected Products : oscommerce
    • EPSS Score: %20.02
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-5025

    Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors....

    Affected Products : simple_http_scanner
    • EPSS Score: %0.39
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2021-44882

    D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request....

    Affected Products : dir-878_firmware dir-878
    • EPSS Score: %8.69
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45497

    NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass....

    Affected Products : d7000_firmware d7000
    • EPSS Score: %0.15
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-24527

    The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore...

    Affected Products : profile_builder
    • EPSS Score: %0.53
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45738

    TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName....

    Affected Products : x5000r_firmware x5000r
    • EPSS Score: %25.81
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-52181

    Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user: from n/a through 1.0.1. ...

    Affected Products : theme_per_user
    • EPSS Score: %0.30
    • Published: Dec. 31, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-16257

    Winston 1.5.4 devices are vulnerable to command injection via the API....

    Affected Products : winston_firmware winston
    • EPSS Score: %6.27
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-3703

    All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device....

    • EPSS Score: %0.05
    • Published: Nov. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290983 Results