Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-1396

    Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android go_fbwidget
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1485

    Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android netfront_life_browser
    • EPSS Score: %0.45
    • Published: Mar. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-0841

    OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.... Read more

    Affected Products : npm-lockfile
    • EPSS Score: %1.51
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-0216

    GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password o... Read more

    Affected Products : ifix
    • EPSS Score: %1.47
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-0975

    Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor ... Read more

    • EPSS Score: %25.99
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-0028

    A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An a... Read more

    Affected Products : edge
    • EPSS Score: %19.63
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2021-21322

    fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied se... Read more

    Affected Products : fastify-http-proxy
    • EPSS Score: %0.45
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-24813

    Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `... Read more

    Affected Products : dompdf
    • EPSS Score: %6.96
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-1051

    Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.... Read more

    Affected Products : ida
    • EPSS Score: %0.46
    • Published: Feb. 21, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-15920

    There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.... Read more

    Affected Products : eframework
    • EPSS Score: %93.93
    • Published: Jul. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-29384

    Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. ... Read more

    Affected Products : jobwp
    • EPSS Score: %4.84
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44630

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.... Read more

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.95
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-30856

    eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send a... Read more

    Affected Products : edex-ui
    • EPSS Score: %0.14
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44881

    D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.... Read more

    Affected Products : dir-882_firmware dir-882
    • EPSS Score: %8.69
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-8739

    VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.... Read more

    Affected Products : vpn_unlimited
    • EPSS Score: %0.47
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4502

    Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size pa... Read more

    Affected Products : bfgminer sgminer
    • EPSS Score: %0.52
    • Published: Jul. 23, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2023-6723

    An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system com... Read more

    Affected Products : repox
    • EPSS Score: %0.04
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-32766

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versio... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-21063

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45610

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80... Read more

    • EPSS Score: %0.29
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292100 Results