Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-44738

    Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.... Read more

    • EPSS Score: %0.84
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39675

    In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produc... Read more

    Affected Products : android
    • EPSS Score: %5.79
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6298

    Remote code execution in Hanwha Techwin Smartcams... Read more

    • EPSS Score: %3.39
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46007

    totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.... Read more

    Affected Products : ar3100r_firmware ar3100r
    • EPSS Score: %9.41
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-4202

    IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.... Read more

    Affected Products : api_connect
    • EPSS Score: %2.04
    • Published: Apr. 15, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-40519

    Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.... Read more

    • EPSS Score: %0.27
    • Published: Nov. 10, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-5649

    SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.... Read more

    Affected Products : article_manager_pro
    • EPSS Score: %0.70
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-23924

    Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker c... Read more

    Affected Products : dompdf
    • EPSS Score: %59.19
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-38650

    A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with t... Read more

    Affected Products : hyperic_server
    • EPSS Score: %0.34
    • Published: Nov. 12, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-42497

    Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.... Read more

    Affected Products : api2cart_bridge_connector
    • EPSS Score: %0.62
    • Published: Nov. 18, 2022
    • Modified: Feb. 20, 2025

  • 10.0

    HIGH
    CVE-2016-1998

    HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.... Read more

    Affected Products : service_manager
    • EPSS Score: %1.67
    • Published: Mar. 22, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3008

    Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.... Read more

    Affected Products : enterprise_backup
    • EPSS Score: %31.66
    • Published: Apr. 28, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-24051

    The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be... Read more

    • EPSS Score: %0.46
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-24054

    The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only take... Read more

    • EPSS Score: %0.63
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-24186

    A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.... Read more

    Affected Products : wpdiscuz
    • EPSS Score: %93.54
    • Published: Aug. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-24264

    Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a contain... Read more

    Affected Products : portainer
    • EPSS Score: %4.37
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-3443

    Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17.... Read more

    Affected Products : database_server
    • EPSS Score: %3.42
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-3460

    Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01.... Read more

    • EPSS Score: %2.84
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2022-46161

    pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the contex... Read more

    Affected Products : pdfmake
    • EPSS Score: %4.63
    • Published: Dec. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-29978

    Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch as part of a 3rd party security audit. This vulnerability affects Mozilla VPN < 2.3.... Read more

    Affected Products : vpn mozilla_vpn
    • EPSS Score: %1.03
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results