Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-1476

    Unspecified vulnerability in the KKtalk (com.kkliaotian.android) application 4.0.0 and 4.1.5 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android kktalk
    • EPSS Score: %0.33
    • Published: Mar. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1478

    Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android ucmobile_blovestorm
    • EPSS Score: %0.33
    • Published: Mar. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2022-47893

    There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.... Read more

    Affected Products : netman_204_firmware netman_204
    • EPSS Score: %1.72
    • Published: Oct. 03, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28577

    It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %20.86
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-27140

    WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary co... Read more

    Affected Products : wegia
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2018-5560

    A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.... Read more

    Affected Products : gz521w_firmware gz521w
    • EPSS Score: %0.47
    • Published: Jan. 31, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28896

    A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.... Read more

    Affected Products : dir-882_firmware dir-882
    • EPSS Score: %33.42
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-2316

    Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."... Read more

    Affected Products : open_business_management
    • EPSS Score: %0.85
    • Published: Apr. 26, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-51545

    Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02... Read more

    Affected Products :
    • Published: Dec. 05, 2024
    • Modified: Dec. 05, 2024

  • 10.0

    HIGH
    CVE-2014-8579

    TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.... Read more

    Affected Products : tew-823dru_firmware tew-823dru
    • EPSS Score: %1.23
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-13925

    Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to... Read more

    Affected Products : kylin
    • EPSS Score: %84.70
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-6503

    Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.... Read more

    Affected Products : joomla\! com_ninjaxplorer
    • EPSS Score: %0.42
    • Published: Jan. 24, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-22004

    Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application ... Read more

    • Published: Apr. 05, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    HIGH
    CVE-2007-2494

    Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile,... Read more

    Affected Products : powerpoint_viewer_ocx
    • EPSS Score: %10.23
    • Published: May. 04, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-0231

    PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP ses... Read more

    • EPSS Score: %1.40
    • Published: Mar. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-0242

    Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.... Read more

    Affected Products : advantech_webaccess
    • EPSS Score: %14.09
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-31758

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.... Read more

    Affected Products : ac11_firmware ac11
    • EPSS Score: %40.11
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-31891

    A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control ... Read more

    • EPSS Score: %4.58
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4309

    VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions.... Read more

    Affected Products : windows_terminal
    • EPSS Score: %0.92
    • Published: Aug. 23, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-29730

    USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.... Read more

    • EPSS Score: %0.64
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291389 Results