Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2022-30603

    An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make...

    • EPSS Score: %2.47
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-33192

    Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands t...

    • EPSS Score: %0.32
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-33204

    Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An att...

    • EPSS Score: %0.45
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-34030

    An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can in...

    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2022-4291

    The aswjsflt.dll library from Avast Antivirus Windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in versi...

    Affected Products : script_shield
    • EPSS Score: %0.02
    • Published: Dec. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-4390

    A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restric...

    Affected Products : ax2400_firmware ax2400
    • EPSS Score: %0.10
    • Published: Dec. 09, 2022
    • Modified: Apr. 14, 2025
  • 10.0

    CRITICAL
    CVE-2025-53091

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint...

    Affected Products : wegia
    • Published: Jun. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2023-22600

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the sam...

    • EPSS Score: %0.13
    • Published: Jan. 12, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-22601

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An u...

    • EPSS Score: %0.12
    • Published: Jan. 12, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-45444

    Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted acc...

    Affected Products : real-time_location_system_studio
    • EPSS Score: %0.31
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-53823

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint `/WeGIA/html/socio/sistema/processa_deletar_socio.php`, in the `id_socio` p...

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2023-24482

    A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), CO...

    Affected Products : comos
    • EPSS Score: %0.23
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2014-125124

    An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p paramet...

    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2022-43604

    An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing...

    Affected Products : opener
    • EPSS Score: %2.83
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2012-10026

    The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious...

    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2022-47190

    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root....

    Affected Products : cs141_firmware cs141
    • EPSS Score: %0.72
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2012-10058

    RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code executi...

    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 10.0

    CRITICAL
    CVE-2023-27497

    Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploit...

    Affected Products : windows diagnostics_agent
    • EPSS Score: %0.34
    • Published: Apr. 11, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-43243

    Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server. This issue affects JobBoard Job listing: from n/a through 1.2.6....

    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Misconfiguration
  • 10.0

    HIGH
    CVE-2023-2231

    A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attac...

    Affected Products : max-g866ac_firmware max-g866ac
    • EPSS Score: %0.20
    • Published: Apr. 21, 2023
    • Modified: Nov. 21, 2024