Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2017-13995

    An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pa...

    Affected Products : ininet_webserver
    • EPSS Score: %1.60
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-14002

    GE Infinia/Infinia with Hawkeye 4 medical imaging systems, all current versions, are affected: these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain ac...

    • EPSS Score: %15.38
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27113

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters....

    • EPSS Score: %28.61
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-31474

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds...

    Affected Products : network_performance_monitor
    • EPSS Score: %53.63
    • Published: May. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17269

    Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field....

    Affected Products : remote_access
    • EPSS Score: %1.50
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3654

    u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon M...

    • EPSS Score: %0.36
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3657

    u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,...

    • EPSS Score: %3.07
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-9411

    The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible...

    • EPSS Score: %0.38
    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25074

    TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code....

    Affected Products : tl-wr902ac_firmware tl-wr902ac
    • EPSS Score: %3.35
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44622

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remote malicious user execute arbitrary code via a crafted post request....

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.95
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-21643

    USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct...

    Affected Products : useful_simple_open-source_cms
    • EPSS Score: %0.26
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12072

    An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can complet...

    • EPSS Score: %0.36
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-32449

    TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet....

    Affected Products : ex300_v2_firmware ex300_v2
    • EPSS Score: %18.71
    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-4223

    Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors....

    Affected Products : sysinternals_debugview
    • EPSS Score: %9.41
    • Published: Nov. 08, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2024-25913

    Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. ...

    Affected Products : moveto
    • Published: Feb. 26, 2024
    • Modified: May. 08, 2025
  • 10.0

    HIGH
    CVE-2015-1801

    The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges....

    Affected Products : galaxy_s4_firmware galaxy_s4
    • EPSS Score: %0.91
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2012-3270

    Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-...

    Affected Products : performance_insight
    • EPSS Score: %3.31
    • Published: Nov. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-14475

    In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with t...

    • EPSS Score: %4.97
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2578

    cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerN...

    • EPSS Score: %72.28
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-3232

    The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet dae...

    Affected Products : totalstorage_ds400
    • EPSS Score: %1.35
    • Published: Jun. 15, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292095 Results