Latest CVE Feed

The following list shows the latest published vulnerabilities. You can filter it by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort it by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-5553

    The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6552

    Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.

    Affected Products : dx-350_firmware dx-350
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14010

    OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-2433

    Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".

    Affected Products : websphere_application_server
    • Published: May. 17, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2024-27298

    parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.

    Affected Products : parse-server
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-46742

    Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.

    Affected Products : paddlepaddle
    • Published: Dec. 07, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15833

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modi...

    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15835

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private ke...

    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-12577

    An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.

    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-3786

    A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.

    Affected Products : egg-scripts
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-3972

    An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logi...

    Affected Products : monero
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-25813

    Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the speci...

    Affected Products : sequelize
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5393

    The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it ...

    Affected Products : eap_controller
    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-14421

    D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.

    Affected Products : dir-850l_firmware dir-850l
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-8249

    The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

    Affected Products : desktop_central
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-26121

    All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

    Affected Products : safe-eval
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025
  • 10.0

    CRITICAL
    CVE-2023-26122

    All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **...

    Affected Products : safe-eval
    • Published: Apr. 11, 2023
    • Modified: Feb. 07, 2025
  • 10.0

    CRITICAL
    CVE-2021-33975

    Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges.

    Affected Products : safe_browser
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
  • 10.0

    CRITICAL
    CVE-2021-33970

    Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate privileges.

    Affected Products : chrome
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
  • 10.0

    CRITICAL
    CVE-2023-1778

    This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based managemen...

    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293414 Results