Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2007-1695

    PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stati... Read more

    Affected Products : phpbb
    • EPSS Score: %0.78
    • Published: Mar. 27, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-4860

    Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12)... Read more

    Affected Products : limbo_cms
    • EPSS Score: %2.09
    • Published: Sep. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0393

    Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password.... Read more

    Affected Products : 1050ap_lan_acess_point
    • EPSS Score: %3.15
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-50482

    Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 10.0

    HIGH
    CVE-2007-1770

    Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and exec... Read more

    Affected Products : arcgis arcsde
    • EPSS Score: %25.87
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-41918

    A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the... Read more

    Affected Products :
    • Published: Jul. 02, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30909

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30917

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-33514

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-A... Read more

    • EPSS Score: %24.21
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1681

    Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.... Read more

    Affected Products : db2_content_manager
    • EPSS Score: %0.98
    • Published: Apr. 04, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3224

    Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."... Read more

    Affected Products : phpbb
    • EPSS Score: %0.32
    • Published: Jul. 18, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2021-21245

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary... Read more

    Affected Products : onedev
    • EPSS Score: %0.34
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-33972

    Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate priveleges.... Read more

    Affected Products : safe_browser
    • EPSS Score: %0.12
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025

  • 10.0

    HIGH
    CVE-2019-13204

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arb... Read more

    • EPSS Score: %0.17
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-28998

    An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system acco... Read more

    Affected Products : gnc-cw013_firmware gnc-cw013
    • EPSS Score: %2.01
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27082

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.... Read more

    Affected Products : m3_firmware m3
    • EPSS Score: %16.11
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-34079

    OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.... Read more

    Affected Products : docker-tester
    • EPSS Score: %10.56
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13278

    TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercise... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • EPSS Score: %60.72
    • Published: Jul. 10, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2000-1172

    Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.... Read more

    Affected Products : gaim
    • EPSS Score: %1.80
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-5238

    Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors.... Read more

    Affected Products : blue_smiley_organizer
    • EPSS Score: %0.38
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 291368 Results