Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-27372

    Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands....

    • EPSS Score: %0.32
    • Published: Mar. 25, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-25218

    Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface....

    • EPSS Score: %0.36
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-25583

    In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in whi...

    Affected Products : freebsd
    • EPSS Score: %0.48
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27274

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUp...

    Affected Products : prosafe_network_management_system
    • EPSS Score: %51.30
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-30225

    Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10. ...

    Affected Products :
    • Published: Mar. 28, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26810

    D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacha...

    • EPSS Score: %31.80
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26709

    D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that...

    Affected Products : dsl-320b-d1 dsl-320b-d1
    • EPSS Score: %39.84
    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-27227

    An exploitable unauthenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigg...

    Affected Products : openclinic_ga
    • EPSS Score: %4.57
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-31982

    XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any v...

    Affected Products : xwiki
    • Published: Apr. 10, 2024
    • Modified: Jan. 21, 2025
  • 10.0

    HIGH
    CVE-2021-27710

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs becau...

    • EPSS Score: %20.15
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-2177

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple proto...

    Affected Products : secure_global_desktop
    • EPSS Score: %3.97
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24918

    A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in l...

    Affected Products : oryx_rtsp_server
    • EPSS Score: %13.03
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-20010

    EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5....

    Affected Products : image_optimizer
    • EPSS Score: %6.83
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11279

    Memory corruption while processing crafted SDES packets due to improper length check in sdes packets received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon M...

    • EPSS Score: %0.32
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-20998

    In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users....

    • EPSS Score: %0.14
    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-31316

    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter....

    Affected Products : webpanel
    • EPSS Score: %65.42
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-29895

    Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. ...

    Affected Products : cacti
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-25029

    In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied da...

    Affected Products : versa_director
    • EPSS Score: %2.41
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-32888

    The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection i...

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Jun. 12, 2025
  • 10.0

    CRITICAL
    CVE-2024-31351

    Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6....

    Affected Products : copymatic
    • Published: May. 17, 2024
    • Modified: Apr. 18, 2025
Showing 20 of 290974 Results