Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2011-0922

    The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.... Read more

    Affected Products : data_protector
    • EPSS Score: %82.01
    • Published: Feb. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2017-8110

    www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.... Read more

    Affected Products : modified_ecommerce_shopsoftware
    • EPSS Score: %0.34
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2011-0464

    Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : vibe_onprem
    • EPSS Score: %10.28
    • Published: Mar. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-1377

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comm... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13352

    WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset t... Read more

    Affected Products : cynap
    • EPSS Score: %1.04
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-2019

    Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.... Read more

    Affected Products : operations_agent
    • EPSS Score: %75.60
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2023-49772

    Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0. ... Read more

    Affected Products : genesis_simple_love
    • EPSS Score: %0.30
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-49773

    Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23. ... Read more

    Affected Products : bcorp_shortcodes
    • EPSS Score: %0.30
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-49778

    Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6. ... Read more

    Affected Products : sayfa_sayac
    • EPSS Score: %0.63
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45498

    NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.... Read more

    Affected Products : r6700v2_firmware r6700v2
    • EPSS Score: %0.25
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-6651

    Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.... Read more

    Affected Products : oxybox
    • EPSS Score: %2.13
    • Published: Apr. 07, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2022-1986

    OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.... Read more

    Affected Products : gogs
    • EPSS Score: %16.27
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-4007

    Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/a... Read more

    Affected Products : sapid_cms
    • EPSS Score: %0.39
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-28464

    This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.... Read more

    Affected Products : djv
    • EPSS Score: %0.47
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46319

    Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid... Read more

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: %16.56
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-16259

    Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.... Read more

    Affected Products : winston_firmware winston
    • EPSS Score: %0.40
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-3605

    The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied param... Read more

    Affected Products : wp_hotel_booking
    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46422

    Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.... Read more

    Affected Products : sdt-cs3b1_firmware sdt-cs3b1
    • EPSS Score: %94.26
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2023-7220

    A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overfl... Read more

    Affected Products : nr1800x_firmware nr1800x
    • EPSS Score: %0.13
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-38366

    trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain M... Read more

    Affected Products : trunk.cocoapods.org
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291222 Results