Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-7450

    AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time....

    Affected Products : hdmi_dongle_firmware hdmi_dongle
    • EPSS Score: %0.33
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-7640

    QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges....

    Affected Products : qts media_streaming_add-on
    • EPSS Score: %2.42
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-6000

    An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch a...

    Affected Products : asuswrt
    • EPSS Score: %90.65
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-6577

    Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges....

    Affected Products : cs1000
    • EPSS Score: %2.28
    • Published: Apr. 01, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-19067

    An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory~...

    • EPSS Score: %1.22
    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-5864

    These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges....

    • EPSS Score: %15.42
    • Published: Nov. 23, 2012
    • Modified: Jul. 08, 2025
  • 10.0

    HIGH
    CVE-2018-7716

    PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and sen...

    Affected Products : privatevpn
    • EPSS Score: %0.73
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-1000651

    Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially cr...

    Affected Products : stroom
    • EPSS Score: %0.24
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-9143

    On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991....

    Affected Products : samsung_mobile
    • EPSS Score: %1.13
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0595

    Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative...

    • EPSS Score: %2.44
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-0410

    Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a...

    Affected Products : groupwise
    • EPSS Score: %17.50
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-6714

    A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An a...

    • EPSS Score: %1.90
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-7637

    QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges....

    Affected Products : nas_proxy_server
    • EPSS Score: %3.42
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-10586

    Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdra...

    • EPSS Score: %0.36
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-2242

    Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php....

    Affected Products : exponent_cms
    • EPSS Score: %7.81
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-10780

    BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open....

    Affected Products : bibtex-ruby
    • EPSS Score: %2.84
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11062

    The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication....

    Affected Products : wmpro
    • EPSS Score: %5.57
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12042

    Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system servic...

    • EPSS Score: %0.71
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-9542

    D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the ...

    • EPSS Score: %2.16
    • Published: Jun. 11, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2018-15123

    Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home....

    Affected Products : zipabox_firmware zipabox
    • EPSS Score: %0.32
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292650 Results