Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2023-6723

    An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system com... Read more

    Affected Products : repox
    • EPSS Score: %0.04
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-32766

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versio... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-21063

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45610

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80... Read more

    • EPSS Score: %0.29
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45622

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1... Read more

    • EPSS Score: %2.67
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-35746

    Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.... Read more

    Affected Products : buddypress_cover
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-3820

    The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insuffi... Read more

    Affected Products : wpdatatables
    • Published: Jun. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-6441

    An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn'... Read more

    • EPSS Score: %46.26
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-5158

    The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    • EPSS Score: %5.49
    • Published: Aug. 21, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-6563

    Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.... Read more

    • EPSS Score: %0.14
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-43918

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.... Read more

    Affected Products : product_table
    • Published: Aug. 29, 2024
    • Modified: Oct. 10, 2024

  • 10.0

    HIGH
    CVE-2008-7148

    Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.... Read more

    Affected Products : synfigstudio
    • EPSS Score: %0.71
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2024-1783

    A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument ht... Read more

    Affected Products : lr1200gb_firmware lr1200gb
    • Published: Feb. 23, 2024
    • Modified: Apr. 01, 2025

  • 10.0

    CRITICAL
    CVE-2024-1839

    Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate data, or manipulate the database.... Read more

    Affected Products :
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-25925

    Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. ... Read more

    Affected Products : easy_checkout_field_editor
    • Published: Feb. 26, 2024
    • Modified: May. 08, 2025

  • 10.0

    HIGH
    CVE-2017-8864

    Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" t... Read more

    Affected Products : 3960hd_firmware 3960hd
    • EPSS Score: %0.65
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2022-33206

    Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An att... Read more

    • EPSS Score: %0.45
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-22055

    The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the sys... Read more

    Affected Products : le-yan_dental_management_system
    • EPSS Score: %3.16
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-2974

    The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, ... Read more

    Affected Products : smc8024l2_switch
    • EPSS Score: %0.80
    • Published: Jul. 19, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-49257

    Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 291526 Results