Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2012-1408

    Unspecified vulnerability in the App Lock (com.cc.applock) application 1.7.5 and 1.7.6 for Android has unknown impact and attack vectors.

    Affected Products: android app_lock
    • EPSS Score: 0.33%
    • Published: Mar. 14, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1474

    Unspecified vulnerability in the Youni SMS (com.snda.youni) application 2.1.0c and 2.1.0d for Android has unknown impact and attack vectors.

    Affected Products: android youni_sms
    • EPSS Score: 0.33%
    • Published: Mar. 14, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2008-7196

    Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.

    Affected Products: metashell
    • EPSS Score: 0.72%
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-6123

    Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.

    Affected Products: irc_services
    • EPSS Score: 0.42%
    • Published: Nov. 26, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-10612

    In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, includi...

    • EPSS Score: 0.12%
    • Published: Jan. 29, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3140

    A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user in...

    Affected Products: prime_license_manager
    • EPSS Score: 1.66%
    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-3354

    Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.

    Affected Products: drupal rest_api_module
    • EPSS Score: 0.39%
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1766

    PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

    Affected Products: advanced_login
    • EPSS Score: 5.06%
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1822

    Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

    Affected Products: voice_mail_system
    • EPSS Score: 0.99%
    • Published: Apr. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2022-30915

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm.

    Affected Products: magic_r100_firmware magic_r100
    • EPSS Score: 0.39%
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11013

    Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.

    • EPSS Score: 12.27%
    • Published: May. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35189

    The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access wit...

    Affected Products: kong_alpine_docker_image
    • EPSS Score: 2.01%
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-19838

    emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.

    • EPSS Score: 23.30%
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-31311

    An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.

    • EPSS Score: 2.59%
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-33193

    Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands t...

    • EPSS Score: 0.32%
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-31481

    An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmwa...

    • EPSS Score: 1.26%
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34111

    Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.

    Affected Products: n4800eco_firmware n4800eco
    • EPSS Score: 12.54%
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-35949

    An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a fil...

    • EPSS Score: 13.31%
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-16743

    An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to by...

    • EPSS Score: 1.64%
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0274

    Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5.

    • EPSS Score: 0.53%
    • Published: Jan. 09, 2010
    • Modified: Apr. 09, 2025
Showing 20 of 292386 Results