Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.4

    CRITICAL
    CVE-2024-36059

    Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol.... Read more

    Affected Products :
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-7205

    When the device is shared, the homepage module are before 2.19.0  in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.... Read more

    Affected Products : ewelink
    • Published: Jul. 31, 2024
    • Modified: Jul. 31, 2024
  • 9.4

    CRITICAL
    CVE-2024-41940

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privilege... Read more

    Affected Products : sinec_nms
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024
  • 9.4

    CRITICAL
    CVE-2024-36439

    Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password.... Read more

    Affected Products :
    • Published: Aug. 22, 2024
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2024-42764

    Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.... Read more

    Affected Products : bus_ticket_reservation_system
    • Published: Aug. 23, 2024
    • Modified: May. 06, 2025
  • 9.4

    CRITICAL
    CVE-2024-7873

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order... Read more

    Affected Products :
    • Published: Sep. 17, 2024
    • Modified: Sep. 20, 2024
  • 9.4

    CRITICAL
    CVE-2022-0942

    Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • EPSS Score: %0.33
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2022-1330

    stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .... Read more

    Affected Products : fullpage
    • EPSS Score: %0.32
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2022-1592

    Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...... Read more

    Affected Products : scout
    • EPSS Score: %0.30
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2022-1682

    Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Xss can use to steal user's cookies which lead to Account takeover or do any malicious activity in victim's browser... Read more

    Affected Products : facturascripts
    • EPSS Score: %0.28
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2021-27442

    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.... Read more

    • EPSS Score: %0.14
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2016-5843

    Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.... Read more

    Affected Products : faq
    • EPSS Score: %1.10
    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2016-2296

    Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.... Read more

    • EPSS Score: %75.31
    • Published: May. 14, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2022-3224

    Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.... Read more

    Affected Products : parse-url
    • EPSS Score: %0.18
    • Published: Sep. 15, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2016-1000112

    Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin... Read more

    Affected Products : contus-video-comments
    • EPSS Score: %35.66
    • Published: Oct. 06, 2016
    • Modified: Apr. 12, 2025
  • 9.4

    CRITICAL
    CVE-2025-54071

    RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This ... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal
  • 9.4

    CRITICAL
    CVE-2025-34152

    An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without reboo... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 9.4

    HIGH
    CVE-2016-8491

    The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.... Read more

    Affected Products : fortiwlc fortiwlc
    • EPSS Score: %0.27
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 9.4

    HIGH
    CVE-2021-38917

    IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018.... Read more

    Affected Products : powervm_hypervisor
    • EPSS Score: %0.21
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2021-39635

    ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291222 Results