Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-2433

    Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.78
    • Published: May. 17, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-27298

    parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20. ... Read more

    Affected Products : parse-server
    • Published: Mar. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-6779

    Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromi... Read more

    • EPSS Score: %9.94
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-2512

    The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.... Read more

    Affected Products : ftpd
    • EPSS Score: %2.84
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-46742

    Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. ... Read more

    Affected Products : paddlepaddle
    • EPSS Score: %0.30
    • Published: Dec. 07, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15568

    TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for exam... Read more

    Affected Products : tos tos
    • EPSS Score: %93.12
    • Published: Jan. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15833

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modi... Read more

    • EPSS Score: %0.44
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15835

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private ke... Read more

    • EPSS Score: %0.36
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15836

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.... Read more

    • EPSS Score: %0.94
    • Published: Feb. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-14417

    A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to ... Read more

    Affected Products : cloud
    • EPSS Score: %71.90
    • Published: Aug. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-14943

    Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.... Read more

    Affected Products : nsg_9000 nsg_9000_firmware
    • EPSS Score: %0.30
    • Published: Aug. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10630

    For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access... Read more

    • EPSS Score: %0.28
    • Published: Aug. 10, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-10511

    A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.... Read more

    Affected Products : control_manager
    • EPSS Score: %0.37
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-12577

    An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.... Read more

    • EPSS Score: %0.39
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-3786

    A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.... Read more

    Affected Products : egg-scripts
    • EPSS Score: %10.47
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-1000666

    GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModificat... Read more

    Affected Products : openvcloud jumpscale
    • EPSS Score: %3.79
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-17063

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters... Read more

    Affected Products : dir-816_a2_firmware dir-816_a2
    • EPSS Score: %14.54
    • Published: Sep. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-3972

    An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logi... Read more

    Affected Products : monero
    • EPSS Score: %0.94
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-7103

    A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.... Read more

    • EPSS Score: %21.54
    • Published: Sep. 27, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-25813

    Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the speci... Read more

    Affected Products : sequelize
    • EPSS Score: %5.19
    • Published: Feb. 22, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 290981 Results