Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2023-51473

    Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. ...

    Affected Products : terraclassifieds
    • EPSS Score: %0.66
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11808

    Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTH...

    • EPSS Score: %4.66
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12049

    A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occur...

    Affected Products : lbp6030w_firmware lbp6030w
    • EPSS Score: %6.60
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    • EPSS Score: %0.10
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-0593

    The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the ...

    Affected Products : open_build_service
    • EPSS Score: %0.47
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-5397

    The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to repl...

    Affected Products : firefox
    • EPSS Score: %0.55
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2023-7221

    A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument ...

    Affected Products : t6_firmware t6
    • EPSS Score: %0.29
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-6968

    The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execut...

    Affected Products : airwatch_agent
    • EPSS Score: %11.58
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12336

    Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access....

    • EPSS Score: %0.38
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12338

    Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access....

    Affected Products : system_management_appliance
    • EPSS Score: %0.38
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-4434

    The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server....

    Affected Products : social_warfare
    • EPSS Score: %7.99
    • Published: Jan. 17, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12526

    Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account....

    • EPSS Score: %1.58
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2024-23619

    A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. ...

    Affected Products : merge_efilm_workstation
    • EPSS Score: %0.94
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-13101

    KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to...

    Affected Products : kiosksimple
    • EPSS Score: %0.73
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5855

    While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur....

    Affected Products : android
    • EPSS Score: %0.42
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-3197

    GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit mo...

    • EPSS Score: %4.06
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5553

    The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access....

    • EPSS Score: %8.48
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-6552

    Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device....

    Affected Products : dx-350_firmware dx-350
    • EPSS Score: %0.65
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-9498

    ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as we...

    Affected Products : manageengine_applications_manager
    • EPSS Score: %71.20
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-14010

    OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data....

    • EPSS Score: %11.26
    • Published: Jul. 15, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291890 Results