Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2010-2261

    Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.... Read more

    Affected Products : wap54gv3
    • EPSS Score: %2.91
    • Published: Jun. 10, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-5912

    Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.... Read more

    Affected Products : campsite
    • EPSS Score: %0.45
    • Published: Nov. 15, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-14115

    A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.... Read more

    Affected Products : ax3600_firmware ax3600
    • EPSS Score: %0.74
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-51419

    Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. ... Read more

    Affected Products : bertha_ai
    • EPSS Score: %0.66
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-6099

    Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.... Read more

    Affected Products : ingate_firewall ingate_siparator
    • EPSS Score: %1.07
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-0915

    The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow."... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.22
    • Published: Mar. 18, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-2361

    Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks.... Read more

    Affected Products : winny
    • EPSS Score: %0.35
    • Published: Aug. 25, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-14528

    Invoxia NVX220 devices allow TELNET access as admin with a default password.... Read more

    Affected Products : nvx220_firmware nvx220
    • EPSS Score: %1.04
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-16737

    The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.... Read more

    • EPSS Score: %3.27
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-14268

    A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code ... Read more

    Affected Products : notes
    • EPSS Score: %1.67
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-7233

    GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for S... Read more

    Affected Products : precision_thunis-800\+
    • EPSS Score: %0.57
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-16523

    MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.... Read more

    • EPSS Score: %2.91
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-0546

    EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.... Read more

    • EPSS Score: %3.41
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2006-1276

    admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie.... Read more

    Affected Products : php_simplenews
    • EPSS Score: %4.59
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-14480

    In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution wi... Read more

    • EPSS Score: %5.01
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-3092

    Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, becau... Read more

    Affected Products : asus_wl-500w
    • EPSS Score: %0.45
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-7198

    Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.... Read more

    Affected Products : phpns
    • EPSS Score: %0.34
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2016-5788

    General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.... Read more

    • EPSS Score: %0.30
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-5859

    On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the certificate of the device and its RSA keys, aka RBN-183.... Read more

    • EPSS Score: %0.18
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2022-26666

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results