Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2022-32535

    The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.... Read more

    Affected Products : pra-es8p2s_firmware pra-es8p2s
    • EPSS Score: %0.28
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-32548

    An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.... Read more

    • EPSS Score: %62.78
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-3554

    Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender En... Read more

    Affected Products : endpoint_security_tools gravityzone
    • EPSS Score: %0.32
    • Published: Nov. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-52225

    Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. ... Read more

    Affected Products : taggbox
    • EPSS Score: %0.63
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-14451

    An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote ... Read more

    Affected Products : ethereum
    • EPSS Score: %2.65
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28910

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %11.61
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28912

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %11.61
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-14474

    In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of th... Read more

    • EPSS Score: %4.97
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1255

    The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.... Read more

    Affected Products : p-660hw
    • EPSS Score: %0.34
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2021-36582

    In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply trigge... Read more

    Affected Products : kooboo_cms
    • EPSS Score: %0.43
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-41299

    ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.... Read more

    • EPSS Score: %1.19
    • Published: Sep. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-5074

    Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.... Read more

    Affected Products : mojolicious
    • EPSS Score: %0.45
    • Published: May. 03, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2023-38490

    Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or... Read more

    Affected Products : kirby
    • EPSS Score: %18.07
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-5938

    Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.... Read more

    Affected Products : avg_antivirus
    • EPSS Score: %0.52
    • Published: Nov. 16, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2019-7268

    Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.... Read more

    • EPSS Score: %3.49
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-6500

    The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for W... Read more

    Affected Products :
    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024

  • 10.0

    HIGH
    CVE-2021-46309

    An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.... Read more

    • EPSS Score: %0.33
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-15751

    An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PH... Read more

    Affected Products : sitos_six
    • EPSS Score: %7.92
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-15130

    The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST r... Read more

    Affected Products : humatrix_7
    • EPSS Score: %4.63
    • Published: Aug. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-0889

    In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidV... Read more

    Affected Products : android
    • EPSS Score: %3.66
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results