Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2022-22486

    IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM ... Read more

    Affected Products : tivoli_workload_scheduler
    • EPSS Score: %0.02
    • Published: Feb. 03, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-25096

    Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. ... Read more

    Affected Products : canto
    • Published: Apr. 03, 2024
    • Modified: Apr. 10, 2025

  • 10.0

    CRITICAL
    CVE-2024-25100

    Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. ... Read more

    Affected Products : coupon_referral_program
    • EPSS Score: %0.68
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-1043

    Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.... Read more

    Affected Products : windows_7 internet_explorer
    • EPSS Score: %39.92
    • Published: Mar. 23, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-3260

    Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.... Read more

    Affected Products : sitescope
    • EPSS Score: %68.58
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2021-26728

    Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500... Read more

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: %0.64
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-2912

    An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting t... Read more

    Affected Products :
    • Published: Apr. 16, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-6926

    Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.... Read more

    Affected Products : extremail
    • EPSS Score: %0.43
    • Published: Jan. 13, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-23166

    Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Sol... Read more

    Affected Products : sysaid
    • EPSS Score: %0.44
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-6120

    IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation serv... Read more

    • EPSS Score: %4.19
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-8940

    Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the ser... Read more

    Affected Products : scriptcase
    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024

  • 10.0

    CRITICAL
    CVE-2023-6018

    An attacker can overwrite any file on the server hosting MLflow without any authentication.... Read more

    Affected Products : mlflow
    • EPSS Score: %88.39
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9479

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonst... Read more

    • EPSS Score: %2.34
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2024-7332

    A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded pass... Read more

    Affected Products : cp450_firmware cp450
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024

  • 10.0

    HIGH
    CVE-2011-2961

    Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.... Read more

    Affected Products : pnetpower
    • EPSS Score: %11.19
    • Published: Jul. 29, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-32809

    Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.... Read more

    Affected Products : activedemand
    • Published: May. 17, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-25437

    Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.... Read more

    Affected Products : tizen
    • EPSS Score: %1.14
    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-8529

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping ... Read more

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024

  • 10.0

    HIGH
    CVE-2008-0529

    Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.... Read more

    • EPSS Score: %7.10
    • Published: Feb. 15, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2021-27944

    Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack... Read more

    • EPSS Score: %1.07
    • Published: Aug. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292238 Results