Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2021-33975

    Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges....

    Affected Products : safe_browser
    • EPSS Score: 0.29%
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
  • 10.0

    CRITICAL
    CVE-2021-33970

    Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate privileges....

    Affected Products : chrome
    • EPSS Score: 0.36%
    • Published: Apr. 19, 2023
    • Modified: Feb. 05, 2025
  • 10.0

    CRITICAL
    CVE-2023-1778

    This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based managemen...

    • EPSS Score: 0.26%
    • Published: Apr. 27, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2017-10402

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker...

    • EPSS Score: 1.65%
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2017-10405

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker...

    • EPSS Score: 1.74%
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-2564

    OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. ...

    Affected Products : scanservjs
    • EPSS Score: 38.24%
    • Published: May. 07, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-2583

    Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3....

    Affected Products : jsreport
    • EPSS Score: 0.11%
    • Published: May. 08, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-12796

    The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users ...

    Affected Products : openmrs
    • EPSS Score: 5.73%
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2023-2645

    A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded pa...

    Affected Products : usr-g806_firmware usr-g806
    • EPSS Score: 5.62%
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-11767

    ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"....

    Affected Products : chakracore
    • EPSS Score: 17.16%
    • Published: Nov. 02, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-14024

    A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been ident...

    • EPSS Score: 3.53%
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-2909

    EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below....

    Affected Products : data_master adm
    • EPSS Score: 0.30%
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-1000228

    nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function...

    Affected Products : ejs
    • EPSS Score: 7.18%
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-1000169

    QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB....

    Affected Products : quickerbb
    • EPSS Score: 3.44%
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-11402

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port o...

    • EPSS Score: 0.09%
    • Published: Nov. 20, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-22583

    The Danfoss AK-EM100 web forms allow for SQL injection in the login forms....

    Affected Products : ak-em100_firmware ak-em100
    • EPSS Score: 0.07%
    • Published: Jun. 11, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-36331

    Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25....

    • EPSS Score: 0.22%
    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8020

    An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server....

    Affected Products : scaleio
    • EPSS Score: 8.59%
    • Published: Nov. 28, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2017-14378

    EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."...

    • EPSS Score: 2.64%
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-14189

    An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password....

    Affected Products : fortiweb_manager
    • EPSS Score: 1.36%
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 290979 Results