Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-6500

    The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for W...

    • Published: Aug. 17, 2024
    • Modified: Aug. 19, 2024
  • 10.0

    HIGH
    CVE-2021-46309

    An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.

    • EPSS Score: 0.33%
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15751

    An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PH...

    Affected Products: sitos_six
    • EPSS Score: 7.92%
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15130

    The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST r...

    Affected Products: humatrix_7
    • EPSS Score: 4.63%
    • Published: Aug. 18, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-0889

    In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidV...

    Affected Products: android
    • EPSS Score: 3.66%
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-2868

    An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can ove...

    Affected Products: comfortlink_ii_firmware
    • EPSS Score: 7.33%
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2012-4334

    The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained ...

    Affected Products: net-i_viewer
    • EPSS Score: 35.69%
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-3644

    Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to...

    • EPSS Score: 11.65%
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-4274

    Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to exe...

    • EPSS Score: 7.11%
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-29499

    The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

    Affected Products: mivoice_connect
    • Actively Exploited
    • EPSS Score: 89.83%
    • Published: Apr. 26, 2022
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2007-5323

    The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv func...

    Affected Products: replistor emc_replistor
    • EPSS Score: 11.84%
    • Published: Oct. 11, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-13354

    System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.

    Affected Products: terramaster_operating_system tos tos
    • EPSS Score: 12.08%
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-4322

    Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet.

    Affected Products: realwin_server
    • EPSS Score: 67.53%
    • Published: Sep. 29, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6997

    Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE...

    • EPSS Score: 0.40%
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2013-5932

    Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.

    • EPSS Score: 0.86%
    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-7015

    PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against dire...

    Affected Products: jobline
    • EPSS Score: 4.32%
    • Published: Feb. 15, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7027

    Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.

    Affected Products: isa_server
    • EPSS Score: 38.74%
    • Published: Feb. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-20591

    Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.

    • Published: Aug. 13, 2024
    • Modified: Mar. 13, 2025
  • 10.0

    HIGH
    CVE-2018-13858

    MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

    • EPSS Score: 1.59%
    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-13924

    Lack of check to prevent the buffer length taking negative values can lead to stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra...

    • EPSS Score: 0.38%
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024