Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-7315

    An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin....

    Affected Products : hg100r_firmware hg100r
    • EPSS Score: %0.89
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-3703

    Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials...

    • EPSS Score: %0.08
    • Published: Sep. 03, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-1968

    Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications....

    • EPSS Score: %0.12
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-39344

    social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for t...

    Affected Products : social-media-skeleton
    • EPSS Score: %5.08
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2005-2593

    Parlano MindAlign 5.0 and later versions use weak encryption, with unknown impact and attack vectors....

    Affected Products : mindalign
    • EPSS Score: %0.26
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2014-3804

    The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup ...

    • EPSS Score: %80.42
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2023-41721

    Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176 and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by ...

    • EPSS Score: %0.24
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-2306

    Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records. ...

    Affected Products : nicevision
    • EPSS Score: %0.11
    • Published: Oct. 05, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-4309

    Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend dat...

    Affected Products : internet_election_service
    • EPSS Score: %0.56
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-1400

    Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors....

    Affected Products : android u\+box_2.0_pad
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1396

    Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors....

    Affected Products : android go_fbwidget
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1485

    Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors....

    Affected Products : android netfront_life_browser
    • EPSS Score: %0.45
    • Published: Mar. 15, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-0841

    OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4....

    Affected Products : npm-lockfile
    • EPSS Score: %1.51
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0216

    GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password o...

    Affected Products : ifix
    • EPSS Score: %1.47
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2011-0975

    Stack-based buffer overflow in BMC PATROL Agent Service Daemon in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor ...

    • EPSS Score: %25.99
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-0028

    A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An a...

    Affected Products : edge
    • EPSS Score: %19.63
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2021-21322

    fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied se...

    Affected Products : fastify-http-proxy
    • EPSS Score: %0.45
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-24813

    Dompdf is an HTML to PDF converter written in PHP. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `...

    Affected Products : dompdf
    • EPSS Score: %6.32
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1051

    Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation....

    Affected Products : ida
    • EPSS Score: %0.46
    • Published: Feb. 21, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-15920

    There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required....

    Affected Products : eframework
    • EPSS Score: %93.93
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results