Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2022-30493

    In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %2.05
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-13873

    A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can uplo... Read more

    Affected Products : codoforum
    • EPSS Score: %12.78
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-5254

    Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.... Read more

    Affected Products : wordpress connections
    • EPSS Score: %1.04
    • Published: Jan. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-7132

    Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.... Read more

    Affected Products : phpmydesk
    • EPSS Score: %1.67
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-0100

    The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious s... Read more

    Affected Products : perforce_client
    • EPSS Score: %0.80
    • Published: Jan. 08, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-0201

    Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).... Read more

    Affected Products : internet_firewall_toolkit
    • EPSS Score: %6.01
    • Published: Jan. 11, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-13925

    Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snap... Read more

    • EPSS Score: %0.46
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-0657

    Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.... Read more

    • EPSS Score: %60.15
    • Published: Jan. 21, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-0977

    Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : intravue
    • EPSS Score: %0.78
    • Published: Feb. 27, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-18349

    parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP ... Read more

    Affected Products : fastjson pippo
    • EPSS Score: %90.74
    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-9335

    A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Manag... Read more

    • EPSS Score: %0.24
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-12670

    SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.... Read more

    • EPSS Score: %12.49
    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-5368

    Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.96
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-4157

    Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.... Read more

    • EPSS Score: %32.88
    • Published: Nov. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-3292

    The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : oncommand_workflow_automation
    • EPSS Score: %28.03
    • Published: May. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-25749

    The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account ... Read more

    • EPSS Score: %3.94
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-4944

    Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page.... Read more

    Affected Products : fleetcommander fleetcommander_kiosk
    • EPSS Score: %3.65
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4959

    Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.... Read more

    Affected Products : file_reporter
    • EPSS Score: %73.92
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-30924

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-39168

    OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. ... Read more

    • EPSS Score: %0.44
    • Published: Aug. 27, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results