Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-14324

    The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipu... Read more

    Affected Products : glassfish_server
    • EPSS Score: %2.46
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13861

    Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.... Read more

    • EPSS Score: %1.87
    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-45318

    A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger t... Read more

    • Published: Feb. 20, 2024
    • Modified: Feb. 12, 2025

  • 10.0

    HIGH
    CVE-2006-2429

    Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.78
    • Published: May. 17, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-2433

    Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.78
    • Published: May. 17, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-27298

    parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20. ... Read more

    Affected Products : parse-server
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-6779

    Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromi... Read more

    • EPSS Score: %9.94
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-2512

    The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.... Read more

    Affected Products : ftpd
    • EPSS Score: %2.84
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-46742

    Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. ... Read more

    Affected Products : paddlepaddle
    • EPSS Score: %0.40
    • Published: Dec. 07, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15568

    TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for exam... Read more

    Affected Products : tos tos
    • EPSS Score: %93.12
    • Published: Jan. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15833

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modi... Read more

    • EPSS Score: %0.44
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15835

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private ke... Read more

    • EPSS Score: %0.36
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15836

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.... Read more

    • EPSS Score: %0.94
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-14417

    A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to ... Read more

    Affected Products : cloud
    • EPSS Score: %71.90
    • Published: Aug. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-14943

    Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.... Read more

    Affected Products : nsg_9000 nsg_9000_firmware
    • EPSS Score: %0.30
    • Published: Aug. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10630

    For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access... Read more

    • EPSS Score: %0.28
    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-10511

    A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.... Read more

    Affected Products : control_manager
    • EPSS Score: %0.37
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-12577

    An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.... Read more

    • EPSS Score: %0.39
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-3786

    A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.... Read more

    Affected Products : egg-scripts
    • EPSS Score: %9.37
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-1000666

    GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModificat... Read more

    Affected Products : openvcloud jumpscale
    • EPSS Score: %3.79
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291894 Results