Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2022-2197

    By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations....

    Affected Products : rme1_firmware rme1
    • EPSS Score: 0.20%
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-5374

    Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01....

    Affected Products : pharmaceutical
    • EPSS Score: 2.75%
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-27569

    Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker....

    Affected Products : android dex
    • EPSS Score: 1.17%
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8868

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The ...

    Affected Products : foglight_evolve
    • EPSS Score: 25.68%
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11811

    In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file....

    Affected Products : qdpm
    • EPSS Score: 0.94%
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11691

    Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue...

    Affected Products : ve6046_firmware ve6046
    • EPSS Score: 0.48%
    • Published: May. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-6769

    Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confident...

    • EPSS Score: 1.08%
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20020

    A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root....

    Affected Products : global_management_system
    • EPSS Score: 2.38%
    • Published: Apr. 10, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0444

    HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : solaris operations_agent
    • EPSS Score: 6.43%
    • Published: Feb. 09, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2020-10271

    MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ...

    • EPSS Score: 0.44%
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11552

    An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to es...

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: 5.32%
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26887

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system ...

    Affected Products : diaenergie
    • EPSS Score: 0.40%
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14112

    Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mo...

    • EPSS Score: 0.36%
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-28581

    It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload....

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: 20.86%
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-36010

    This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). T...

    Affected Products : react_editable_json_tree
    • EPSS Score: 0.49%
    • Published: Aug. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3718

    Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution....

    Affected Products : magento
    • EPSS Score: 8.70%
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26349

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and exec...

    Affected Products : diaenergie
    • EPSS Score: 0.22%
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-32535

    The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch....

    Affected Products : pra-es8p2s_firmware pra-es8p2s
    • EPSS Score: 0.28%
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-32548

    An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field....

    • EPSS Score: 62.78%
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-3554

    Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender En...

    Affected Products : endpoint_security_tools gravityzone
    • EPSS Score: 0.32%
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292100 Results