Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2023-25970

    Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. ... Read more

    Affected Products : zendrop
    • EPSS Score: %0.31
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-5303

    Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."... Read more

    Affected Products : typo3 locator
    • EPSS Score: %1.09
    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-17526

    An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstra... Read more

    Affected Products : sagemathcell
    • EPSS Score: %0.64
    • Published: Oct. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7917

    Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.... Read more

    Affected Products : android
    • EPSS Score: %0.22
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-7233

    KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file.... Read more

    Affected Products : bac-a1616bc_firmware bac-a1616bc
    • EPSS Score: %0.39
    • Published: Jan. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45255

    The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The... Read more

    Affected Products : video_sharing_website
    • EPSS Score: %0.26
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-18200

    An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.... Read more

    Affected Products : lx390_firmware lx390
    • EPSS Score: %0.33
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7249

    Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, Cent... Read more

    • EPSS Score: %8.45
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-4711

    Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service... Read more

    Affected Products : kingview
    • EPSS Score: %48.50
    • Published: Feb. 15, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-17540

    The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.... Read more

    Affected Products : fortiwlc
    • EPSS Score: %0.42
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-6298

    Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors.... Read more

    Affected Products : identityminder
    • EPSS Score: %2.60
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-15608

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When pa... Read more

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-1462

    Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.... Read more

    Affected Products : shop-script
    • EPSS Score: %0.13
    • Published: Apr. 16, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-13311

    System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: %5.05
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-5755

    config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote att... Read more

    Affected Products : sip-t38g
    • EPSS Score: %11.84
    • Published: Jul. 16, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-2617

    Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.... Read more

    • EPSS Score: %41.20
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-10493

    Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, ... Read more

    • EPSS Score: %0.33
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-1391

    PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.... Read more

    Affected Products : webo
    • EPSS Score: %2.98
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1416

    PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.... Read more

    Affected Products : urlshrink
    • EPSS Score: %2.07
    • Published: Mar. 12, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-7105

    Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors rela... Read more

    • EPSS Score: %0.42
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291368 Results