Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-31758

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.

    Affected Products : ac11_firmware ac11
    • EPSS Score: 40.11%
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-31891

    A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control ...

    • EPSS Score: 4.58%
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-4309

    VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions.

    Affected Products : windows_terminal
    • EPSS Score: 0.92%
    • Published: Aug. 23, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2022-29730

    USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device.

    • EPSS Score: 0.64%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-32440

    NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.p...

    Affected Products : netalertx
    • Published: May. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication
  • 10.0

    HIGH
    CVE-2020-28951

    libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

    Affected Products : openwrt
    • EPSS Score: 0.52%
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-32494

    Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allows attackers to create malicious inputs that can cause denial of service.

    Affected Products : radare2
    • EPSS Score: 0.19%
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25438

    Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.

    Affected Products : ac9_firmware ac9
    • EPSS Score: 15.92%
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-5407

    A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructur...

    Affected Products : rhinos rhinos
    • Published: May. 27, 2024
    • Modified: Jun. 05, 2025
  • 10.0

    HIGH
    CVE-2012-0695

    Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

    • EPSS Score: 0.22%
    • Published: Jan. 12, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-7165

    An iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

    Affected Products : intelligent_management_center
    • EPSS Score: 2.83%
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-32671

    Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or do...

    Affected Products : flarum
    • EPSS Score: 3.24%
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-0318

    The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.

    Affected Products : drupal banckle_chat
    • EPSS Score: 1.38%
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    • Published: Apr. 05, 2024
    • Modified: Jul. 24, 2025
  • 10.0

    CRITICAL
    CVE-2024-23615

    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

    Affected Products : symantec_messaging_gateway
    • EPSS Score: 6.30%
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-0839

    post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal ...

    Affected Products : android
    • EPSS Score: 1.22%
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2024-23622

    A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.

    Affected Products : merge_efilm_workstation
    • EPSS Score: 0.95%
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-0474

    In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

    Affected Products : android
    • EPSS Score: 3.88%
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-3686

    cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action.

    Affected Products : airlive_wl2600cam
    • EPSS Score: 34.79%
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-6092

    Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.

    Affected Products : ingate_firewall ingate_siparator
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291312 Results