Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2019-10686

    An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled....

    Affected Products : apollo
    • EPSS Score: %0.35
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-4031

    Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors....

    Affected Products : netcharts_server
    • EPSS Score: %40.63
    • Published: May. 29, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-32941

    Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (r...

    Affected Products : n48pbb_firmware n48pbb
    • EPSS Score: %1.55
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-5895

    Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors....

    Affected Products : irods
    • EPSS Score: %0.38
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-3491

    The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance...

    • EPSS Score: %6.03
    • Published: Oct. 26, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2011-4908

    TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php....

    Affected Products : tinybrowser
    • EPSS Score: %61.85
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-13306

    System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter....

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: %15.30
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17506

    There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjuncti...

    • EPSS Score: %92.91
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-25970

    Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. ...

    Affected Products : zendrop
    • EPSS Score: %0.31
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-5303

    Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...

    Affected Products : typo3 locator
    • EPSS Score: %1.09
    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-17526

    An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstra...

    Affected Products : sagemathcell
    • EPSS Score: %0.64
    • Published: Oct. 18, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-7917

    Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615....

    Affected Products : android
    • EPSS Score: %0.22
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-7233

    KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file....

    Affected Products : bac-a1616bc_firmware bac-a1616bc
    • EPSS Score: %0.39
    • Published: Jan. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45255

    The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The...

    Affected Products : video_sharing_website
    • EPSS Score: %0.26
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-18200

    An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks....

    Affected Products : lx390_firmware lx390
    • EPSS Score: %0.33
    • Published: Oct. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-7249

    Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, Cent...

    • EPSS Score: %8.45
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2012-4711

    Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service...

    Affected Products : kingview
    • EPSS Score: %48.50
    • Published: Feb. 15, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-17540

    The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell....

    Affected Products : fortiwlc
    • EPSS Score: %0.42
    • Published: May. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-6298

    Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors....

    Affected Products : identityminder
    • EPSS Score: %2.60
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-15608

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When pa...

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291003 Results