Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2021-39199

    remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user i... Read more

    Affected Products : remark-html
    • EPSS Score: %0.33
    • Published: Sep. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-1474

    Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger... Read more

    Affected Products : android
    • EPSS Score: %10.09
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2021-43048

    The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A su... Read more

    Affected Products : partnerexpress
    • EPSS Score: %0.28
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-22504

    Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an ... Read more

    Affected Products : operations_bridge_manager
    • EPSS Score: %3.02
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-24231

    Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student.... Read more

    Affected Products : simple_student_information_system
    • EPSS Score: %0.46
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30925

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-0447

    The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP doc... Read more

    Affected Products : openview_performance_insight
    • EPSS Score: %6.20
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-2380

    Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a du... Read more

    Affected Products : jrockit fusion_middleware
    • EPSS Score: %2.47
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2023-0776

    Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed ... Read more

    • EPSS Score: %0.14
    • Published: Feb. 11, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-37466

    vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be b... Read more

    Affected Products : vm2
    • EPSS Score: %4.73
    • Published: Jul. 14, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30916

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-5126

    Unspecified vulnerability in the client in Symantec Veritas Backup Exec for Windows Servers 11d has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that doe... Read more

    Affected Products : veritas_backup_exec
    • EPSS Score: %0.42
    • Published: Sep. 27, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-13336

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.... Read more

    Affected Products : terramaster_operating_system tos tos
    • EPSS Score: %12.49
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14477

    In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with... Read more

    • EPSS Score: %5.01
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14481

    In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution wi... Read more

    • EPSS Score: %2.27
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4757

    Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms i... Read more

    • EPSS Score: %1.06
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-12030

    There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gatew... Read more

    • EPSS Score: %0.28
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-3506

    Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.... Read more

    Affected Products : ofbiz open_for_business_project
    • EPSS Score: %4.16
    • Published: Oct. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-28381

    Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.... Read more

    Affected Products : allmediaserver
    • EPSS Score: %79.34
    • Published: Apr. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-12125

    A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.... Read more

    Affected Products : wn530h4_firmware wn530h4
    • EPSS Score: %5.94
    • Published: Oct. 02, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291002 Results