Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-21903

    A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send ...

    Affected Products : ic_module_cma
    • EPSS Score: 0.20%
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-21940

    A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger t...

    • EPSS Score: 0.52%
    • Published: Oct. 12, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-7190

    Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS)....

    Affected Products : adium
    • EPSS Score: 0.40%
    • Published: Sep. 09, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2021-22657

    mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter....

    Affected Products : mypro
    • EPSS Score: 0.40%
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22667

    BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior)...

    • EPSS Score: 0.60%
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-41892

    Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fix...

    Affected Products : craft_cms
    • EPSS Score: 93.72%
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15422

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When...

    Affected Products : webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0183

    Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request....

    • EPSS Score: 79.52%
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-8327

    A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension....

    • EPSS Score: 21.26%
    • Published: Jul. 11, 2018
    • Modified: Jul. 16, 2025
  • 10.0

    HIGH
    CVE-2015-9188

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD ...

    • EPSS Score: 0.22%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15477

    The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process....

    Affected Products : raspberrytortoise
    • EPSS Score: 8.17%
    • Published: Jul. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8021

    EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system....

    Affected Products : elastic_cloud_storage
    • EPSS Score: 0.95%
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2021-2248

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoc...

    Affected Products : secure_global_desktop
    • EPSS Score: 3.97%
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15612

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When ...

    Affected Products : webpanel
    • EPSS Score: 2.07%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-0885

    A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web int...

    Affected Products : smcd3g-ccr smcd3g-ccr_firmware
    • EPSS Score: 20.93%
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2011-0922

    The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname....

    Affected Products : data_protector
    • EPSS Score: 82.01%
    • Published: Feb. 09, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2017-8110

    www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php....

    Affected Products : modified_ecommerce_shopsoftware
    • EPSS Score: 0.34%
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2011-0464

    Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors....

    Affected Products : vibe_onprem
    • EPSS Score: 10.28%
    • Published: Mar. 09, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-1377

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comm...

    Affected Products : diaenergie
    • EPSS Score: 0.22%
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13352

    WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset t...

    Affected Products : cynap
    • EPSS Score: 1.04%
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024