Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-42489

    Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vul...

    Affected Products : pro_macros
    • Published: Aug. 12, 2024
    • Modified: Sep. 16, 2024
  • 10.0

    HIGH
    CVE-2011-0488

    Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arb...

    Affected Products : advantech_studio web_studio
    • EPSS Score: %18.24
    • Published: Jan. 18, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1390

    Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors....

    Affected Products : android miso
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-3443

    The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh2...

    Affected Products : wide_area_application_services
    • EPSS Score: %7.92
    • Published: Aug. 01, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2015-2842

    Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable ex...

    Affected Products : goadmin_ce
    • EPSS Score: %43.86
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2012-4249

    The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC prop...

    Affected Products : kindle_touch
    • EPSS Score: %1.81
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1397

    Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcherex.gowidget.qqweibowidget) application 1.2 for Android has unknown impact and attack vectors....

    Affected Products : android go_qqweibowidget
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2023-1748

    The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and...

    • EPSS Score: %0.09
    • Published: Apr. 04, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-4617

    Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values.  This issue affects Govee Home ap...

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024
  • 10.0

    CRITICAL
    CVE-2021-27470

    A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary comma...

    Affected Products : factorytalk_assetcentre
    • EPSS Score: %0.38
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-4767

    Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors....

    Affected Products : eucalyptus
    • EPSS Score: %0.50
    • Published: Oct. 10, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-6860

    Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from th...

    Affected Products : mythcontrol
    • EPSS Score: %13.66
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-5757

    Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST ...

    • EPSS Score: %18.52
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-2024

    Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances....

    • EPSS Score: %0.19
    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-27957

    Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1. ...

    Affected Products : pie_register
    • Published: Mar. 17, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-7131

    PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter....

    Affected Products : jinzora
    • EPSS Score: %1.24
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7174

    PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235....

    Affected Products : dimension
    • EPSS Score: %0.79
    • Published: Mar. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-22578

    Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections....

    Affected Products : sequelize
    • EPSS Score: %0.11
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-5989

    Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values....

    Affected Products : gs1900-10hp_firmware
    • EPSS Score: %1.08
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6016

    ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspe...

    • EPSS Score: %5.57
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291358 Results