Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.9

    CRITICAL
    CVE-2018-3867

    An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handl...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: 0.40%
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2017-2872

    Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrad...

    Affected Products : c1_firmware c1
    • EPSS Score: 0.29%
    • Published: Sep. 17, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2020-15196

    In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully s...

    Affected Products : tensorflow
    • EPSS Score: 0.30%
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2018-3875

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payl...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: 0.48%
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2018-3904

    An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSO...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: 0.38%
    • Published: Aug. 27, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2018-3894

    An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 b...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: 0.22%
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2018-3903

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigge...

    Affected Products : sth-eth-250_firmware sth-eth-250
    • EPSS Score: 0.39%
    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-34809

    Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vect...

    Affected Products : download_station
    • EPSS Score: 1.64%
    • Published: Jun. 18, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-24663

    PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.

    Affected Products : php_everywhere
    • EPSS Score: 1.93%
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-32017

    An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and fi...

    Affected Products : asset_management
    • EPSS Score: 0.23%
    • Published: Aug. 03, 2021
    • Modified: May. 30, 2025
  • 9.9

    CRITICAL
    CVE-2022-41976

    A privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 that allows remote attackers authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.

    Affected Products : scada-lts
    • EPSS Score: 0.45%
    • Published: Apr. 10, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-40200

    Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.

    Affected Products : wpforo_forum
    • EPSS Score: 0.43%
    • Published: Nov. 17, 2022
    • Modified: Feb. 20, 2025
  • 9.9

    CRITICAL
    CVE-2023-30537

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki ...

    Affected Products : xwiki
    • EPSS Score: 2.15%
    • Published: Apr. 16, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-34207

    Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with 'NT Authority\SYSTEM' privilege via a cra...

    Affected Products : mailhunter_ultimate
    • EPSS Score: 0.29%
    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-21892

    A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP...

    • EPSS Score: 4.36%
    • Published: Dec. 22, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-21954

    A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.

    • EPSS Score: 1.66%
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-37914

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution inc...

    Affected Products : xwiki
    • EPSS Score: 4.32%
    • Published: Aug. 17, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2023-22647

    An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions t...

    Affected Products : rancher rancher
    • EPSS Score: 0.58%
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-23140

    Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 version...

    Affected Products : command_centre
    • EPSS Score: 0.23%
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-43802

    Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a...

    Affected Products : etherpad
    • EPSS Score: 0.55%
    • Published: Dec. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results