Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-0515

    In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • EPSS Score: %3.13
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-2704

    Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.... Read more

    Affected Products : openview_network_node_manager
    • EPSS Score: %40.69
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-15068

    A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication.... Read more

    • EPSS Score: %0.30
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-15066

    An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).... Read more

    Affected Products : gpon_firmware gpon
    • EPSS Score: %0.44
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46315

    Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell me... Read more

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: %26.25
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-29165

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to imperso... Read more

    Affected Products : argo-cd argo_cd
    • EPSS Score: %0.29
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-2845

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.... Read more

    Affected Products : goadmin_ce
    • EPSS Score: %87.46
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-0202

    Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.... Read more

    Affected Products : cognos_tm1
    • EPSS Score: %74.11
    • Published: May. 04, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1389

    Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android di_long_weibo
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3262

    Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464.... Read more

    Affected Products : sitescope
    • EPSS Score: %24.21
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2024-3272

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of th... Read more

    • Actively Exploited
    • Published: Apr. 04, 2024
    • Modified: Nov. 29, 2024

  • 10.0

    HIGH
    CVE-2012-6428

    The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.... Read more

    • EPSS Score: %0.24
    • Published: Dec. 23, 2012
    • Modified: Jul. 01, 2025

  • 10.0

    HIGH
    CVE-2009-1227

    NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorizati... Read more

    Affected Products : firewall-1_pki_web_service
    • EPSS Score: %4.07
    • Published: Apr. 02, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-2940

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.... Read more

    Affected Products : cloudportal_services_manager
    • EPSS Score: %0.42
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-1140

    Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the De... Read more

    • EPSS Score: %7.60
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-51409

    Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. ... Read more

    Affected Products : ai_engine ai_engine
    • Published: Apr. 12, 2024
    • Modified: Apr. 08, 2025

  • 10.0

    HIGH
    CVE-2021-37749

    MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.... Read more

    Affected Products : geomedia_webmap
    • EPSS Score: %0.92
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-1809

    The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.... Read more

    Affected Products : iphone_os ipod_touch
    • EPSS Score: %0.86
    • Published: Sep. 09, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-5473

    Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privilege... Read more

    Affected Products : syncthru_6
    • EPSS Score: %46.93
    • Published: Jun. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2008-4673

    PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.... Read more

    Affected Products : events_calendar
    • EPSS Score: %2.48
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291221 Results