Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2015-2113

    Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers ...

    • EPSS Score: 22.82%
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2017-16926

    Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount....

    Affected Products : ohcount
    • EPSS Score: 6.41%
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2012-3576

    Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to th...

    Affected Products : wordpress wpstorecart
    • EPSS Score: 48.71%
    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-26290

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac....

    Affected Products : m3_firmware m3
    • EPSS Score: 14.48%
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-28582

    It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload....

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: 20.86%
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45840

    It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop....

    Affected Products : tos f2-210 f4-210 tos
    • EPSS Score: 1.85%
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-0515

    In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interacti...

    Affected Products : android
    • EPSS Score: 3.13%
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-2704

    Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe....

    Affected Products : openview_network_node_manager
    • EPSS Score: 40.69%
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-15068

    A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9 allows an attacker to get/reset administrator’s password without any authentication....

    • EPSS Score: 0.30%
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-15066

    An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)....

    Affected Products : gpon_firmware gpon
    • EPSS Score: 0.44%
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46315

    Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks in the shell me...

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: 26.25%
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-29165

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to imperso...

    Affected Products : argo-cd argo_cd
    • EPSS Score: 0.29%
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-2845

    The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO....

    Affected Products : goadmin_ce
    • EPSS Score: 87.46%
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2012-0202

    Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data....

    Affected Products : cognos_tm1
    • EPSS Score: 74.11%
    • Published: May. 04, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1389

    Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors....

    Affected Products : android di_long_weibo
    • EPSS Score: 0.43%
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-3262

    Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464....

    Affected Products : sitescope
    • EPSS Score: 24.21%
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2024-3272

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of th...

    • Actively Exploited
    • Published: Apr. 04, 2024
    • Modified: Nov. 29, 2024
  • 10.0

    HIGH
    CVE-2012-6428

    The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access....

    • EPSS Score: 0.24%
    • Published: Dec. 23, 2012
    • Modified: Jul. 01, 2025
  • 10.0

    HIGH
    CVE-2009-1227

    NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorizati...

    Affected Products : firewall-1_pki_web_service
    • EPSS Score: 4.07%
    • Published: Apr. 02, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2013-2940

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162....

    Affected Products : cloudportal_services_manager
    • EPSS Score: 0.42%
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 290985 Results