Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-11543

    OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are t... Read more

    Affected Products : gateway
    • EPSS Score: %0.53
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4730

    The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended ... Read more

    • EPSS Score: %1.06
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-17914

    InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the Indu... Read more

    • EPSS Score: %3.90
    • Published: Nov. 02, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4761

    Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_ed... Read more

    • EPSS Score: %1.75
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-5724

    MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.... Read more

    • EPSS Score: %38.66
    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-2768

    EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could p... Read more

    • EPSS Score: %2.71
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2021-41506

    Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20... Read more

    • EPSS Score: %0.99
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28895

    A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.... Read more

    Affected Products : dir-882_firmware dir-882
    • EPSS Score: %33.42
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28906

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %11.61
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-42109

    VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.... Read more

    • EPSS Score: %0.62
    • Published: Oct. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-42237

    Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this... Read more

    Affected Products : experience_platform
    • Actively Exploited
    • EPSS Score: %94.37
    • Published: Nov. 05, 2021
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-29303

    SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Actively Exploited
    • EPSS Score: %94.37
    • Published: May. 12, 2022
    • Modified: Mar. 12, 2025

  • 10.0

    HIGH
    CVE-2022-29397

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %0.46
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29399

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %0.45
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29539

    resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass... Read more

    Affected Products : gemini-net
    • EPSS Score: %2.17
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29591

    Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.... Read more

    Affected Products : tx9_pro_firmware tx9_pro
    • EPSS Score: %0.35
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-37913

    The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the sy... Read more

    Affected Products : oaklouds_portal
    • EPSS Score: %5.68
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-5449

    Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-... Read more

    Affected Products : secure_backup
    • EPSS Score: %4.50
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-30329

    An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.... Read more

    Affected Products : tew-831dr_firmware tew-831dr
    • EPSS Score: %0.81
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38390

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egy... Read more

    Affected Products : diaenergie
    • EPSS Score: %1.65
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291890 Results