Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-1297

    Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection. ...

    Affected Products : loomio
    • Published: Feb. 20, 2024
    • Modified: Dec. 31, 2024
  • 10.0

    HIGH
    CVE-2008-1827

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (...

    • EPSS Score: 2.78%
    • Published: Apr. 16, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-9091

    A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, ...

    Affected Products : loadmaster_operating_system
    • EPSS Score: 1.18%
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9139

    On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165....

    Affected Products : samsung_mobile
    • EPSS Score: 1.35%
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5599

    TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Inje...

    • EPSS Score: 1.26%
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29389

    The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank passwo...

    Affected Products : crux_linux_docker_image
    • EPSS Score: 0.39%
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-21650

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary ...

    Affected Products : xwiki
    • EPSS Score: 92.33%
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-5246

    The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn....

    Affected Products : a5s_firmware a5s
    • EPSS Score: 26.19%
    • Published: Aug. 22, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-25139

    A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configu...

    Affected Products : moonshot_provisioning_manager
    • EPSS Score: 4.00%
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1918

    Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via c...

    • EPSS Score: 0.91%
    • Published: Nov. 02, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-6471

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access....

    Affected Products : workcentre
    • EPSS Score: 0.30%
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6473

    Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error mess...

    Affected Products : workcentre
    • EPSS Score: 0.36%
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-0893

    Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MB...

    Affected Products : xvid
    • EPSS Score: 6.67%
    • Published: Jun. 02, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-0365

    The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user....

    • EPSS Score: 2.42%
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-22056

    The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service....

    Affected Products : le-yan_dental_management_system
    • EPSS Score: 3.82%
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-22086

    Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Mu...

    • EPSS Score: 0.16%
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-2953

    The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts....

    Affected Products : web_gateway
    • EPSS Score: 80.90%
    • Published: Jul. 23, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-14244

    An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /p...

    Affected Products : ib-wra150n_firmware ib-wra150n
    • EPSS Score: 55.13%
    • Published: Sep. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2019-7257

    Linear eMerge E3-Series devices allow Unrestricted File Upload....

    • EPSS Score: 38.18%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-5715

    Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors....

    Affected Products : gom_player
    • EPSS Score: 0.34%
    • Published: Sep. 09, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 290983 Results