Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2014-3205

    backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.

    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-31241

    Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

    • Published: May. 22, 2023
    • Modified: Dec. 09, 2024
  • 10.0

    CRITICAL
    CVE-2023-3696

    Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

    Affected Products : mongoose
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-5387

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

    Affected Products : intelligent_management_center
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-1933

    UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...

    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-2138

    Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2.

    Affected Products : nuxt
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-14701

    Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...

    Affected Products : sd-wan_aware
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-8205

    A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be execu...

    Affected Products : network_advisor
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2014-3915

    The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_p...

    Affected Products : rocket_servergraph
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2023-26045

    NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payl...

    Affected Products : nodebb
    • Published: Jul. 24, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44135

    pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.

    Affected Products : pagekit
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15865

    A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This ca...

    Affected Products : reports
    • Published: Aug. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51468

    Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51475

    Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.

    Affected Products : wp_mlm_unilevel
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45620

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1....

    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-6598

    Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."

    Affected Products : wanpipe
    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6604

    Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.

    Affected Products : picoflat_cms
    • Published: Apr. 04, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-6016

    An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature.

    Affected Products : h2o
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-37112

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.

    Affected Products : wishlist_member
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1643

    Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecti...

    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292862 Results