Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-8522

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on... Read more

    Affected Products : learnpress
    • Published: Sep. 12, 2024
    • Modified: Sep. 13, 2024

  • 10.0

    HIGH
    CVE-2024-8162

    A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded creden... Read more

    Affected Products : t10_v2_firmware t10_firmware t10
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 10.0

    HIGH
    CVE-2011-3161

    Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.... Read more

    • EPSS Score: %45.96
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2023-7095

    A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulat... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %9.33
    • Published: Dec. 25, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-7503

    An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web i... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2020-24032

    tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.... Read more

    Affected Products : lpar2rrd stor2rrd
    • EPSS Score: %16.76
    • Published: Aug. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-23922

    Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 10.0

    HIGH
    CVE-2025-2621

    A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated rem... Read more

    Affected Products : dap-1620_firmware dap-1620
    • Published: Mar. 22, 2025
    • Modified: Mar. 26, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2021-29212

    A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code lead... Read more

    Affected Products : ilo_amplifier_pack
    • EPSS Score: %15.48
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8712

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.... Read more

    Affected Products : iphone_os tvos watchos
    • EPSS Score: %0.99
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-39008

    robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products :
    • Published: Jul. 01, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2025-5630

    A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can ... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2014-2940

    Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access.... Read more

    • EPSS Score: %0.29
    • Published: Aug. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-0545

    LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : lxr
    • EPSS Score: %3.75
    • Published: Apr. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-9121

    An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attacker... Read more

    Affected Products : m2_firmware c1_firmware m2 c1
    • EPSS Score: %4.00
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-32651

    changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can ru... Read more

    Affected Products : changedetection
    • Published: Apr. 26, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-45066

    A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.... Read more

    • Published: Sep. 25, 2024
    • Modified: Oct. 01, 2024

  • 10.0

    HIGH
    CVE-2019-9493

    The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to le... Read more

    Affected Products : mycar_controls
    • EPSS Score: %9.17
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10509

    Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara... Read more

    • EPSS Score: %0.27
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-9190

    Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.... Read more

    • EPSS Score: %5.34
    • Published: Jan. 10, 2015
    • Modified: Jul. 24, 2025
Showing 20 of 292316 Results