Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2016-10501

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615...

    • EPSS Score: 0.26%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7243

    An authorization bypass vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a ...

    • EPSS Score: 2.35%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2017-12087

    An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker-controlled values. An attacker needs to send a dn...

    Affected Products : tinysvcmdns
    • EPSS Score: 1.78%
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-6248

    The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, v...

    • EPSS Score: 3.21%
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-5173

    An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not ...

    • EPSS Score: 80.50%
    • Published: May 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-11253

    Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution ...

    • EPSS Score: 17.15%
    • Published: May 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-6709

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2....

    Affected Products : mlflow
    • EPSS Score: 0.27%
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9311

    The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network....

    • EPSS Score: 3.06%
    • Published: May 31, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9318

    The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network....

    • EPSS Score: 0.88%
    • Published: May 31, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10546

    An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrar...

    Affected Products : pouchdb
    • EPSS Score: 0.98%
    • Published: May 31, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-3746

    The pdfinfojs NPM module versions <= 0.3.6 have a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine....

    Affected Products : pdfinfojs
    • EPSS Score: 3.05%
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-3757

    Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter....

    Affected Products : pdf-image
    • EPSS Score: 10.66%
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11681

    Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The...

    • EPSS Score: 2.83%
    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2023-6906

    A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument...

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: 0.12%
    • Published: Dec. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-16100

    dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible....

    Affected Products : dns-sync
    • EPSS Score: 5.61%
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-16127

    The module pandora-doomsday infects other modules. It's since been unpublished from the registry....

    Affected Products : pandora-doomsday
    • EPSS Score: 0.34%
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-16128

    The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry....

    Affected Products : npm-script-demo
    • EPSS Score: 0.34%
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-25054

    Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6. ...

    Affected Products : rsvpmaker
    • EPSS Score: 0.69%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51505

    Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerc...

    Affected Products : woot
    • EPSS Score: 0.63%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51411

    Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. ...

    Affected Products : frontend_admin
    • EPSS Score: 0.66%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291890 Results