Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-2019

    Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.... Read more

    Affected Products : operations_agent
    • EPSS Score: %75.60
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2023-49772

    Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0. ... Read more

    Affected Products : genesis_simple_love
    • EPSS Score: %0.30
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-49773

    Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23. ... Read more

    Affected Products : bcorp_shortcodes
    • EPSS Score: %0.30
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-49778

    Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6. ... Read more

    Affected Products : sayfa_sayac
    • EPSS Score: %0.63
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45498

    NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.... Read more

    Affected Products : r6700v2_firmware r6700v2
    • EPSS Score: %0.25
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-6651

    Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.... Read more

    Affected Products : oxybox
    • EPSS Score: %2.28
    • Published: Apr. 07, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2022-1986

    OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.... Read more

    Affected Products : gogs
    • EPSS Score: %16.27
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-4007

    Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/a... Read more

    Affected Products : sapid_cms
    • EPSS Score: %0.39
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-28464

    This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.... Read more

    Affected Products : djv
    • EPSS Score: %0.47
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46319

    Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid... Read more

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: %16.56
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-16259

    Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.... Read more

    Affected Products : winston_firmware winston
    • EPSS Score: %0.40
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-3605

    The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied param... Read more

    Affected Products : wp_hotel_booking
    • Published: Jun. 20, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46422

    Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.... Read more

    Affected Products : sdt-cs3b1_firmware sdt-cs3b1
    • EPSS Score: %94.26
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2023-7220

    A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overfl... Read more

    Affected Products : nr1800x_firmware nr1800x
    • EPSS Score: %0.13
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-38366

    trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain M... Read more

    Affected Products : trunk.cocoapods.org
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-0001

    A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.... Read more

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 10.0

    CRITICAL
    CVE-2024-0520

    A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loadi... Read more

    Affected Products : mlflow
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-13983

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.... Read more

    • EPSS Score: %14.92
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-3585

    redhat-upgrade-tool: Does not check GPG signatures when upgrading versions... Read more

    • EPSS Score: %0.28
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-1100

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through 2.23.5.... Read more

    Affected Products :
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291531 Results