Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2023-6709

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2....

    Affected Products: mlflow
    • EPSS Score: 0.27%
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9311

    The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network....

    • EPSS Score: 3.62%
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9318

    The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network....

    • EPSS Score: 0.88%
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10546

    An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrar...

    Affected Products: pouchdb
    • EPSS Score: 0.98%
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-3746

    The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine....

    Affected Products: pdfinfojs
    • EPSS Score: 3.25%
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-3757

    Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter....

    Affected Products: pdf-image
    • EPSS Score: 8.34%
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11681

    Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The...

    • EPSS Score: 2.83%
    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2023-6906

    A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument...

    Affected Products: a7100ru_firmware a7100ru
    • EPSS Score: 0.12%
    • Published: Dec. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-16100

    dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible....

    Affected Products: dns-sync
    • EPSS Score: 5.61%
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-16127

    The module pandora-doomsday infects other modules. It's since been unpublished from the registry....

    Affected Products: pandora-doomsday
    • EPSS Score: 0.34%
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-16128

    The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry....

    Affected Products: npm-script-demo
    • EPSS Score: 0.34%
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-25054

    Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6. ...

    Affected Products: rsvpmaker
    • EPSS Score: 0.69%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51505

    Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerc...

    Affected Products: woot
    • EPSS Score: 0.63%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51411

    Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. ...

    Affected Products: frontend_admin
    • EPSS Score: 0.66%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-51473

    Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. ...

    Affected Products: terraclassifieds
    • EPSS Score: 0.66%
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11808

    Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTH...

    • EPSS Score: 4.66%
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12049

    A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occur...

    Affected Products: lbp6030w_firmware lbp6030w
    • EPSS Score: 6.60%
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    • EPSS Score: 0.10%
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-0593

    The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the ...

    Affected Products: open_build_service
    • EPSS Score: 0.47%
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-5397

    The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to repl...

    Affected Products: firefox
    • EPSS Score: 0.55%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290983 Results