Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2010-4663

    Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.41
    • Published: Jun. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2018-6667

    Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).... Read more

    Affected Products : mcafee_web_gateway
    • EPSS Score: %2.33
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2994

    Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).... Read more

    Affected Products : web_vulnerability_scanner
    • EPSS Score: %59.46
    • Published: Apr. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2023-29131

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.... Read more

    Affected Products : simatic_cn_4100
    • EPSS Score: %0.02
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-21244

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3... Read more

    Affected Products : onedev
    • EPSS Score: %0.37
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4510

    The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which... Read more

    Affected Products : edirectory
    • EPSS Score: %37.86
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-3206

    Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.... Read more

    • EPSS Score: %92.89
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-3454

    Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5)... Read more

    Affected Products : collaboration_suite
    • EPSS Score: %3.42
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-6158

    Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.... Read more

    Affected Products : w3b\>cms
    • EPSS Score: %1.80
    • Published: Feb. 17, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-24633

    There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers ... Read more

    Affected Products : arubaos sd-wan 9004 9004-lte 9012 7005 7008 7010 7024 7030 +5 more products
    • EPSS Score: %1.34
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-24646

    A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %3.86
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-24639

    There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host ope... Read more

    Affected Products : airwave_glass
    • EPSS Score: %0.74
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-5129

    A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in... Read more

    Affected Products : youphptube youphptube_encoder
    • EPSS Score: %89.88
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-43931

    Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : vpn_plus_server router_manager
    • EPSS Score: %21.50
    • Published: Jan. 03, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-35189

    Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. ... Read more

    Affected Products : scrutisweb
    • EPSS Score: %0.33
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-6238

    Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a... Read more

    Affected Products : quicktime
    • EPSS Score: %2.74
    • Published: Dec. 04, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-7315

    An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.... Read more

    Affected Products : hg100r_firmware hg100r
    • EPSS Score: %0.89
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2023-3703

    Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials... Read more

    • EPSS Score: %0.08
    • Published: Sep. 03, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-1968

    Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.... Read more

    • EPSS Score: %0.12
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-39344

    social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for t... Read more

    Affected Products : social-media-skeleton
    • EPSS Score: %5.08
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291384 Results