Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-12574

    An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized ac...

    Affected Products : cs-w50hd_firmware cs-w50hd
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-30247

    NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security miscon...

    Affected Products : nextcloudpi
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025
  • 10.0

    HIGH
    CVE-2022-25880

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comma...

    Affected Products : diaenergie
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2000-1010

    Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters....

    Affected Products : solaris openbsd linux
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0147

    Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records....

    Affected Products : windows_2000
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2024-50493

    Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server. This issue affects Automatic Translation: from n/a through 1.0.4....

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024
  • 10.0

    HIGH
    CVE-2007-1397

    Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings....

    Affected Products : fish
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-1999-0760

    Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges....

    Affected Products : coldfusion_server
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2024-50420

    Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server. This issue affects aDirectory: from n/a through 1.3....

    Affected Products : adirectory
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024
  • 10.0

    HIGH
    CVE-2019-10850

    Computrols CBAS 18.0.0 has Default Credentials....

    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-5026

    Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors....

    Affected Products : simple_http_scanner
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-35187

    The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root ac...

    Affected Products : telegraf
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-31211

    An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default....

    Affected Products : iray-a8z3_firmware iray-a8z3
    • Published: Jul. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7104

    A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02....

    • Published: Sep. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26854

    Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access...

    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-0930

    The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session....

    Affected Products : hvg_video_gateway_firmware hvg400
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-0575

    In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration....

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-13165

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute...

    Affected Products : phaser_3320_firmware phaser_3320
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26996

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted ...

    Affected Products : arris_tr3300_firmware arris_tr3300
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-1006

    A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4...

    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292862 Results