Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2023-4617

    Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values.  This issue affects Govee Home ap... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 10.0

    CRITICAL
    CVE-2021-27470

    A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary comma... Read more

    Affected Products : factorytalk_assetcentre
    • EPSS Score: %0.38
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-4767

    Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.... Read more

    Affected Products : eucalyptus
    • EPSS Score: %0.50
    • Published: Oct. 10, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-6860

    Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from th... Read more

    Affected Products : mythcontrol
    • EPSS Score: %13.66
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-5757

    Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST ... Read more

    • EPSS Score: %18.52
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-2024

    Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.... Read more

    • EPSS Score: %0.19
    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-27957

    Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1. ... Read more

    Affected Products : pie_register
    • Published: Mar. 17, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-7131

    PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.... Read more

    Affected Products : jinzora
    • EPSS Score: %1.24
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-7174

    PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235.... Read more

    Affected Products : dimension
    • EPSS Score: %0.79
    • Published: Mar. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-22578

    Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.... Read more

    Affected Products : sequelize
    • EPSS Score: %0.11
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5989

    Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.... Read more

    Affected Products : gs1900-10hp_firmware
    • EPSS Score: %1.08
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6016

    ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspe... Read more

    • EPSS Score: %5.57
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-0361

    Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff... Read more

    • EPSS Score: %2.95
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4704

    Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.... Read more

    Affected Products : codesys_gateway-server
    • EPSS Score: %14.89
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-1421

    Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in include... Read more

    Affected Products : premod_subdog
    • EPSS Score: %4.69
    • Published: Mar. 13, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-0980

    Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obt... Read more

    • EPSS Score: %2.18
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-29326

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %1.50
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11940

    Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QC... Read more

    • EPSS Score: %0.27
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-2261

    Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.... Read more

    Affected Products : wap54gv3
    • EPSS Score: %2.91
    • Published: Jun. 10, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-5912

    Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.... Read more

    Affected Products : campsite
    • EPSS Score: %0.45
    • Published: Nov. 15, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 291623 Results