Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2023-29384

    Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. ... Read more

    Affected Products : jobwp
    • EPSS Score: %4.84
    • Published: Dec. 20, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44630

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.... Read more

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.90
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-30856

    eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send a... Read more

    Affected Products : edex-ui
    • EPSS Score: %0.14
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44881

    D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.... Read more

    Affected Products : dir-882_firmware dir-882
    • EPSS Score: %8.69
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-8739

    VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.... Read more

    Affected Products : vpn_unlimited
    • EPSS Score: %0.47
    • Published: Mar. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-4502

    Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size pa... Read more

    Affected Products : bfgminer sgminer
    • EPSS Score: %0.52
    • Published: Jul. 23, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2023-6723

    An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system com... Read more

    Affected Products : repox
    • EPSS Score: %0.04
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-32766

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versio... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-21063

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45610

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80... Read more

    • EPSS Score: %0.29
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45622

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1... Read more

    • EPSS Score: %2.67
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-35746

    Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.... Read more

    Affected Products : buddypress_cover
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-3820

    The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insuffi... Read more

    Affected Products : wpdatatables
    • Published: Jun. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-6441

    An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn'... Read more

    • EPSS Score: %46.26
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5158

    The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    • EPSS Score: %5.49
    • Published: Aug. 21, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-6563

    Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.... Read more

    • EPSS Score: %0.14
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-43918

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.... Read more

    Affected Products : product_table
    • Published: Aug. 29, 2024
    • Modified: Oct. 10, 2024

  • 10.0

    HIGH
    CVE-2008-7148

    Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.... Read more

    Affected Products : synfigstudio
    • EPSS Score: %0.71
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2024-1783

    A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument ht... Read more

    Affected Products : lr1200gb_firmware lr1200gb
    • Published: Feb. 23, 2024
    • Modified: Apr. 01, 2025

  • 10.0

    CRITICAL
    CVE-2024-1839

    Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate data, or manipulate the database.... Read more

    Affected Products :
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291358 Results