Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-11920

    An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters...

    Affected Products : siime_eye_firmware siime_eye
    • EPSS Score: %11.08
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-38613

    The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.

    Affected Products : remkon_device_manager
    • EPSS Score: %8.94
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30912

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-39274

    In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution wit...

    Affected Products : sn1per
    • EPSS Score: %0.66
    • Published: Aug. 19, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44738

    A buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in the PostScript interpreter.

    • EPSS Score: %0.84
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-39675

    In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

    Affected Products : android
    • EPSS Score: %5.79
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-6298

    Remote code execution in Hanwha Techwin Smartcams.

    • EPSS Score: %3.39
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46007

    totolink a3100r V5.9c.4577 is vulnerable to OS command injection. The backend of a page executes the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.

    Affected Products : ar3100r_firmware ar3100r
    • EPSS Score: %9.41
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-4202

    IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.

    Affected Products : api_connect
    • EPSS Score: %2.04
    • Published: Apr. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-40519

    Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.

    • EPSS Score: %0.27
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-5649

    SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.

    Affected Products : article_manager_pro
    • EPSS Score: %0.70
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-23924

    Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker c...

    Affected Products : dompdf
    • EPSS Score: %59.19
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-38650

    A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with t...

    Affected Products : hyperic_server
    • EPSS Score: %0.34
    • Published: Nov. 12, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-42497

    Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.

    Affected Products : api2cart_bridge_connector
    • EPSS Score: %0.62
    • Published: Nov. 18, 2022
    • Modified: Feb. 20, 2025
  • 10.0

    HIGH
    CVE-2016-1998

    HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

    Affected Products : service_manager
    • EPSS Score: %1.67
    • Published: Mar. 22, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-3008

    Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.

    Affected Products : enterprise_backup
    • EPSS Score: %31.66
    • Published: Apr. 28, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-24051

    The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be...

    • EPSS Score: %0.46
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24054

    The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only take...

    • EPSS Score: %0.63
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-24186

    A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

    Affected Products : wpdiscuz
    • EPSS Score: %93.54
    • Published: Aug. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24264

    Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a contain...

    Affected Products : portainer
    • EPSS Score: %4.37
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291209 Results