Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-38734

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-30809

    elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.... Read more

    Affected Products : elite_cms
    • EPSS Score: %0.25
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-18370

    An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed dir... Read more

    • EPSS Score: %64.01
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2005-3056

    TWiki allows arbitrary shell command execution via the Include function... Read more

    Affected Products : twiki
    • EPSS Score: %1.22
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2005-2773

    HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.... Read more

    Affected Products : openview_network_node_manager
    • Actively Exploited
    • EPSS Score: %89.82
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-15691

    Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.... Read more

    • EPSS Score: %47.55
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35869

    This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiv... Read more

    Affected Products : ignition
    • EPSS Score: %1.90
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2005-0496

    Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.... Read more

    Affected Products : network_backup
    • EPSS Score: %2.56
    • Published: Feb. 21, 2005
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-1083

    An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.... Read more

    Affected Products :
    • Published: Apr. 09, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2004-2776

    go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.... Read more

    Affected Products : goscript
    • EPSS Score: %2.22
    • Published: Dec. 31, 2019
    • Modified: Nov. 20, 2024

  • 9.8

    CRITICAL
    CVE-2004-0847

    The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation... Read more

    Affected Products : windows_server_2003 asp.net
    • EPSS Score: %64.44
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-43267

    An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message ... Read more

    • EPSS Score: %69.02
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42013

    It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directori... Read more

    • Actively Exploited
    • EPSS Score: %94.43
    • Published: Oct. 07, 2021
    • Modified: Mar. 21, 2025

  • 9.8

    CRITICAL
    CVE-2017-17480

    In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.... Read more

    Affected Products : ubuntu_linux openjpeg debian_linux
    • EPSS Score: %2.25
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-3838

    DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protoco... Read more

    Affected Products : dompdf
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2004-0005

    Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_deco... Read more

    Affected Products : gaim
    • EPSS Score: %21.42
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-38297

    Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.... Read more

    Affected Products : fedora go
    • EPSS Score: %5.85
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-0578

    A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It ... Read more

    Affected Products : lr1200gb_firmware lr1200gb
    • EPSS Score: %0.88
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40520

    Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.... Read more

    • EPSS Score: %0.40
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2003-0791

    The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.... Read more

    Affected Products : mozilla openserver
    • EPSS Score: %1.15
    • Published: Oct. 07, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 291625 Results