Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2010-0275

    Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58....

    • EPSS Score: 0.53%
    • Published: Jan. 09, 2010
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2019-13573

    A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

    Affected Products : fv_flowplayer_video_player
    • EPSS Score: 4.72%
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11225

    Out of bound access in WLAN driver due to lack of validation of array length before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Indus...

    • EPSS Score: 0.33%
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-5328

    Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cl...

    Affected Products : emc_isilon_onefs
    • EPSS Score: 0.39%
    • Published: Mar. 06, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-29300

    The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input....

    Affected Products : opened
    • EPSS Score: 38.18%
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-1474

    Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger...

    Affected Products : android
    • EPSS Score: 10.09%
    • Published: Feb. 16, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-43048

    The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A su...

    Affected Products : partnerexpress
    • EPSS Score: 0.28%
    • Published: Nov. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22504

    Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an ...

    Affected Products : operations_bridge_manager
    • EPSS Score: 3.02%
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-24231

    Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student....

    Affected Products : simple_student_information_system
    • EPSS Score: 0.46%
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30925

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm....

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: 0.39%
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-0776

    Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed ...

    • EPSS Score: 0.14%
    • Published: Feb. 11, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-5126

    Unspecified vulnerability in the client in Symantec Veritas Backup Exec for Windows Servers 11d has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that doe...

    Affected Products : veritas_backup_exec
    • EPSS Score: 0.42%
    • Published: Sep. 27, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-13336

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation....

    Affected Products : terramaster_operating_system tos tos
    • EPSS Score: 12.49%
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-14477

    In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with...

    • EPSS Score: 5.01%
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-14481

    In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution wi...

    • EPSS Score: 2.27%
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-4757

    Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms i...

    • EPSS Score: 1.06%
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2020-12030

    There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gatew...

    • EPSS Score: 0.28%
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26290

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac....

    Affected Products : m3_firmware m3
    • EPSS Score: 14.48%
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45840

    It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop....

    Affected Products : tos f2-210 f4-210 tos
    • EPSS Score: 1.85%
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-0515

    In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interacti...

    Affected Products : android
    • EPSS Score: 3.13%
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292650 Results