Latest CVE Feed

  1. Home
  2. CVE
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-50495

    Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through 0.1.... Read more

    Affected Products : plugin_propagator
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024

  • 10.0

    HIGH
    CVE-2020-35462

    Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : coscale_agent
    • EPSS Score: %2.01
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-3298

    Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %2.39
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-1374

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comma... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-6907

    Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.... Read more

    Affected Products : bluesoil_bluetooth
    • EPSS Score: %0.33
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2024-3193

    A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launc... Read more

    Affected Products : mailcleaner
    • Published: Apr. 29, 2024
    • Modified: Apr. 10, 2025

  • 10.0

    CRITICAL
    CVE-2024-32700

    Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.... Read more

    Affected Products : kognetiks_chatbot
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7878

    The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execut... Read more

    Affected Products : helion_cloud_development_platform
    • EPSS Score: %28.81
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2024-8522

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on... Read more

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024

  • 10.0

    HIGH
    CVE-2024-8162

    A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded creden... Read more

    Affected Products : t10_v2_firmware t10_firmware t10
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 10.0

    HIGH
    CVE-2011-3137

    Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR I... Read more

    • EPSS Score: %1.33
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-27708

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs becau... Read more

    • EPSS Score: %20.15
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3161

    Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.... Read more

    • EPSS Score: %45.96
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-6617

    Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.... Read more

    • EPSS Score: %17.02
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2023-7095

    A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulat... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %9.33
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-9479

    Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-7503

    An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web i... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025

  • 10.0

    HIGH
    CVE-2020-24032

    tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.... Read more

    Affected Products : lpar2rrd stor2rrd
    • EPSS Score: %16.76
    • Published: Aug. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-23922

    Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025

  • 10.0

    HIGH
    CVE-2025-2621

    A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated rem... Read more

    Affected Products : dap-1620_firmware dap-1620
    • Published: Mar. 22, 2025
    • Modified: Mar. 26, 2025
Showing 20 of 290983 Results