Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2023-3572

    In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device....

    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7800

    A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device....

    • Published: Dec. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8964

    TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xM...

    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-31161

    Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py...

    Affected Products : roxy-wi
    • Published: Jul. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15430

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. Whe...

    Affected Products : webpanel
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-25140

    A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to setup and configu...

    Affected Products : moonshot_provisioning_manager
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-3188

    phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports....

    Affected Products : phplist
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1653

    Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRol...

    Affected Products : total_defense total_defense
    • Published: Apr. 18, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2021-40859

    Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device....

    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9409

    The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated ...

    • Published: May. 20, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45495

    NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass....

    Affected Products : d7000_firmware d7000
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3675

    Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that come as part of NDPE attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IO...

    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30913

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm....

    Affected Products : magic_r100_firmware magic_r100
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1235

    Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the...

    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2937

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162....

    Affected Products : cloudportal_services_manager
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-7263

    Linear eMerge E3-Series devices have a Version Control Failure....

    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-9796

    Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that ...

    • Published: Dec. 03, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2012-4050

    Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors....

    • Published: Jul. 24, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1383

    Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors....

    Affected Products : android netease_reader
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-29592

    Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route)....

    Affected Products : tx9_pro_firmware tx9_pro
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results