Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2010-1462

    Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.... Read more

    Affected Products : shop-script
    • EPSS Score: %0.13
    • Published: Apr. 16, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-13311

    System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: %5.05
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-5755

    config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote att... Read more

    Affected Products : sip-t38g
    • EPSS Score: %11.84
    • Published: Jul. 16, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-2617

    Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.... Read more

    • EPSS Score: %41.20
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-10493

    Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, ... Read more

    • EPSS Score: %0.33
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-1391

    PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.... Read more

    Affected Products : webo
    • EPSS Score: %2.98
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1416

    PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.... Read more

    Affected Products : urlshrink
    • EPSS Score: %2.07
    • Published: Mar. 12, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-7105

    Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors rela... Read more

    • EPSS Score: %0.42
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-11420

    Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC5... Read more

    • EPSS Score: %10.61
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-2320

    Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdra... Read more

    • EPSS Score: %0.33
    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15357

    Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.... Read more

    Affected Products : ap5100w_firmware ap5100w
    • EPSS Score: %6.08
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-1000214

    GitPHP by xiphux is vulnerable to OS Command Injections... Read more

    Affected Products : gitphp
    • EPSS Score: %7.22
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2007-1486

    PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evalua... Read more

    Affected Products : lazarus_guestbook
    • EPSS Score: %2.08
    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1568

    Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.... Read more

    Affected Products : newsreactor
    • EPSS Score: %12.70
    • Published: Mar. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2003-1346

    D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.... Read more

    Affected Products : dwl-900ap\+
    • EPSS Score: %0.58
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-0568

    Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.... Read more

    Affected Products : secure_site_module
    • EPSS Score: %0.85
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-2555

    Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182.... Read more

    • EPSS Score: %1.14
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-7805

    An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands.... Read more

    • EPSS Score: %5.27
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15425

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. The ... Read more

    Affected Products : webpanel
    • EPSS Score: %1.98
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-1566

    Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 t... Read more

    Affected Products : igss
    • EPSS Score: %77.66
    • Published: Apr. 05, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291003 Results