Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-0001

    A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active, potentially allowing a malicious actor to gain elevated privileges....

    Affected Products : purity\/\/fa
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024
  • 10.0

    CRITICAL
    CVE-2024-0520

    A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loadi...

    Affected Products : mlflow
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-13983

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication....

    • EPSS Score: 14.92%
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2014-3585

    redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...

    • EPSS Score: 0.28%
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-1100

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through 2.23.5....

    Affected Products :
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-37968

    Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over th...

    • EPSS Score: 4.50%
    • Published: Oct. 11, 2022
    • Modified: Jan. 02, 2025
  • 10.0

    CRITICAL
    CVE-2024-42450

    The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By d...

    Affected Products : versa_director
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024
  • 10.0

    CRITICAL
    CVE-2024-43242

    Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection. This issue affects Ultimate Membership Pro: from n/a through 12.6....

    Affected Products : ultimate_membership_pro
    • Published: Aug. 19, 2024
    • Modified: Sep. 06, 2024
  • 10.0

    HIGH
    CVE-2008-7031

    Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151....

    Affected Products : wac_server
    • EPSS Score: 3.95%
    • Published: Aug. 24, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2014-5210

    The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805....

    • EPSS Score: 13.51%
    • Published: Aug. 21, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2024-43955

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1....

    Affected Products : droip
    • Published: Aug. 29, 2024
    • Modified: Aug. 30, 2024
  • 10.0

    HIGH
    CVE-2017-8658

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"....

    Affected Products : chakracore
    • EPSS Score: 36.01%
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-7109

    The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password....

    Affected Products : scanner_file_utility
    • EPSS Score: 3.77%
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2019-7276

    Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console....

    Affected Products : enterprise proton
    • EPSS Score: 89.60%
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-21941

    All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system....

    Affected Products : istar_ultra_firmware istar_ultra
    • EPSS Score: 2.75%
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-33207

    Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An att...

    • EPSS Score: 0.45%
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-2949

    The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application....

    Affected Products : android score_m
    • EPSS Score: 1.92%
    • Published: May. 29, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-7265

    Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH)....

    • EPSS Score: 29.80%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-3013

    WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session...

    • EPSS Score: 0.63%
    • Published: Sep. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-35186

    The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Systems using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank p...

    Affected Products : adminer
    • EPSS Score: 2.01%
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291219 Results