Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-24148

    A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address....

    Affected Products : mstore_api
    • EPSS Score: 5.63%
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44882

    D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request....

    Affected Products : dir-878_firmware dir-878
    • EPSS Score: 8.69%
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45497

    NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass....

    Affected Products : d7000_firmware d7000
    • EPSS Score: 0.15%
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-52181

    Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user: from n/a through 1.0.1. ...

    Affected Products : theme_per_user
    • EPSS Score: 0.30%
    • Published: Dec. 31, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2024-3765

    A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Se...

    Affected Products :
    • Published: Apr. 14, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-1297

    Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection. ...

    Affected Products : loomio
    • Published: Feb. 20, 2024
    • Modified: Dec. 31, 2024
  • 10.0

    HIGH
    CVE-2018-9091

    A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, ...

    Affected Products : loadmaster_operating_system
    • EPSS Score: 1.18%
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29389

    The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Systems using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank passwo...

    Affected Products : crux_linux_docker_image
    • EPSS Score: 0.39%
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-5246

    The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn....

    Affected Products : a5s_firmware a5s
    • EPSS Score: 26.19%
    • Published: Aug. 22, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2011-1918

    Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via c...

    • EPSS Score: 0.91%
    • Published: Nov. 02, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-6471

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access....

    Affected Products : workcentre
    • EPSS Score: 0.30%
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-0365

    The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user....

    • EPSS Score: 2.42%
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-22056

    The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service....

    Affected Products : le-yan_dental_management_system
    • EPSS Score: 3.82%
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-22086

    Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Mu...

    • EPSS Score: 0.16%
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-14244

    An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /p...

    Affected Products : ib-wra150n_firmware ib-wra150n
    • EPSS Score: 55.13%
    • Published: Sep. 17, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2019-7257

    Linear eMerge E3-Series devices allow Unrestricted File Upload....

    • EPSS Score: 38.18%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-50495

    Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server. This issue affects Plugin Propagator: from n/a through 0.1....

    Affected Products : plugin_propagator
    • Published: Oct. 28, 2024
    • Modified: Nov. 08, 2024
  • 10.0

    HIGH
    CVE-2012-3298

    Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors....

    Affected Products : websphere_commerce
    • EPSS Score: 2.39%
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2024-3193

    A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launc...

    Affected Products : mailcleaner
    • Published: Apr. 29, 2024
    • Modified: Apr. 10, 2025
  • 10.0

    CRITICAL
    CVE-2024-32700

    Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0....

    Affected Products : kognetiks_chatbot
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results