Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2006-0686

    add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access....

    Affected Products : virtual_hosting_control_system
    • EPSS Score: 2.39%
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2006-0698

    Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection....

    Affected Products : zen_cart
    • EPSS Score: 0.50%
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2020-35469

    The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password....

    Affected Products : terracotta_server_oss
    • EPSS Score: 2.01%
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-51551

    Default Credential vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02...

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024
  • 10.0

    CRITICAL
    CVE-2024-30498

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4. ...

    Affected Products : crm_perks_forms
    • Published: Mar. 29, 2024
    • Modified: Feb. 07, 2025
  • 10.0

    HIGH
    CVE-2022-1039

    The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by defaul...

    Affected Products : da50n_firmware da50n
    • EPSS Score: 0.21%
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-28354

    There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell pr...

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Mar. 15, 2024
    • Modified: Apr. 01, 2025
  • 10.0

    HIGH
    CVE-2011-2595

    Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file....

    Affected Products : fotoslate
    • EPSS Score: 74.00%
    • Published: Sep. 14, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2022-40981

    All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on th...

    • EPSS Score: 0.04%
    • Published: Nov. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-33566

    Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. ...

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-1375

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system com...

    Affected Products : diaenergie
    • EPSS Score: 0.22%
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-6909

    Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group nam...

    Affected Products : edbrowse
    • EPSS Score: 4.57%
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2020-6770

    Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7...

    • EPSS Score: 11.30%
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-31377

    Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. ...

    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-31996

    XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki synta...

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 09, 2025
  • 10.0

    HIGH
    CVE-2017-14479

    In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution wi...

    • EPSS Score: 5.01%
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-6886

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS. This issue affects Gitea Open Source Git Server: 1.22.0....

    Affected Products : gitea
    • Published: Aug. 06, 2024
    • Modified: Aug. 06, 2024
  • 10.0

    HIGH
    CVE-2021-27692

    Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUS...

    Affected Products : g1_firmware g3_firmware g3 g1
    • EPSS Score: 2.58%
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-3158

    Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226....

    • EPSS Score: 45.96%
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2024-8353

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address...

    Affected Products : givewp
    • Published: Sep. 28, 2024
    • Modified: Oct. 01, 2024
Showing 20 of 291219 Results