Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-45966

    An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.... Read more

    Affected Products : cloud_phone_system
    • EPSS Score: %13.81
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25455

    Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.... Read more

    Affected Products : ac6_firmware ac6
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45809

    GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--scr... Read more

    Affected Products : globalprotect-openconnect
    • EPSS Score: %1.12
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-27464

    The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.... Read more

    Affected Products : factorytalk_assetcentre
    • EPSS Score: %0.03
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-27472

    A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.... Read more

    Affected Products : factorytalk_assetcentre
    • EPSS Score: %0.09
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-27476

    A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk Asse... Read more

    Affected Products : factorytalk_assetcentre
    • EPSS Score: %0.03
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-50484

    Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 10.0

    CRITICAL
    CVE-2024-50473

    Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through 3.1.3.... Read more

    Affected Products :
    • Published: Oct. 29, 2024
    • Modified: Oct. 29, 2024

  • 10.0

    HIGH
    CVE-2021-44127

    In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized.... Read more

    Affected Products : dap-1360f1_firmware dap-1360
    • EPSS Score: %13.52
    • Published: Mar. 27, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26278

    Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-51568

    CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.... Read more

    Affected Products : cyberpanel
    • Published: Oct. 29, 2024
    • Modified: Jul. 07, 2025

  • 10.0

    CRITICAL
    CVE-2024-50510

    Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For Woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through 6.2.... Read more

    Affected Products :
    • Published: Oct. 30, 2024
    • Modified: Nov. 01, 2024

  • 10.0

    HIGH
    CVE-2022-26069

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46009

    In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.... Read more

    Affected Products : a3100r_firmware a3100r
    • EPSS Score: %1.02
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-50523

    Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through 1.7.3.... Read more

    Affected Products : all_post_contact_form
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-50527

    Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.... Read more

    Affected Products : stacks_mobile_app_builder
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-50531

    Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.... Read more

    Affected Products : rsvpmaker
    • Published: Nov. 04, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-8615

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible f... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 10.0

    CRITICAL
    CVE-2024-20418

    A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with r... Read more

    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    HIGH
    CVE-2022-27570

    Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.... Read more

    Affected Products : android dex
    • EPSS Score: %1.17
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290955 Results