Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2020-26900

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 b... Read more

    • EPSS Score: %0.10
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-26906

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 b... Read more

    • EPSS Score: %0.13
    • Published: Oct. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-12773

    A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.... Read more

    Affected Products : adsl_router_soc_firmware
    • EPSS Score: %0.41
    • Published: Jun. 08, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2019-7747

    DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.... Read more

    Affected Products : dbninja
    • EPSS Score: %0.44
    • Published: Feb. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-14436

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, R... Read more

    • EPSS Score: %1.54
    • Published: Jun. 18, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2020-15272

    In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variab... Read more

    Affected Products : git-tag-annotation-action
    • EPSS Score: %0.34
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-24884

    The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTM... Read more

    Affected Products : formidable_form_builder
    • EPSS Score: %19.16
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45503

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more

    • EPSS Score: %0.08
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2018-2445

    AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.... Read more

    • EPSS Score: %0.22
    • Published: Aug. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-29076

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more

    • EPSS Score: %0.70
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-25010

    The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored ... Read more

    Affected Products : post_snippets
    • EPSS Score: %0.15
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-3210

    components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.... Read more

    Affected Products : bloodhound
    • EPSS Score: %1.75
    • Published: Feb. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-29066

    Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.... Read more

    • EPSS Score: %0.10
    • Published: Mar. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-32827

    MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on th... Read more

    • EPSS Score: %0.31
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2014-1427

    A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.... Read more

    Affected Products : metal_as_a_service
    • EPSS Score: %0.38
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45633

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and ... Read more

    • EPSS Score: %0.51
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45635

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and ... Read more

    • EPSS Score: %0.76
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-45513

    NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.... Read more

    Affected Products : xr1000_firmware xr1000
    • EPSS Score: %0.24
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-40004

    Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.... Read more

    Affected Products : thingsboard
    • EPSS Score: %0.21
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025

  • 9.6

    CRITICAL
    CVE-2022-42711

    In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.... Read more

    Affected Products : whatsup_gold
    • EPSS Score: %0.22
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
Showing 20 of 291358 Results