Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-25094

    LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default...

    Affected Products : platform_manager
    • EPSS Score: 12.43%
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-7856

    OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials....

    Affected Products : opennms
    • EPSS Score: 1.78%
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2009-4240

    Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors....

    Affected Products : infosphere_information_server
    • EPSS Score: 1.37%
    • Published: Dec. 09, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-25537

    File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission....

    Affected Products : ucms
    • EPSS Score: 0.40%
    • Published: Nov. 30, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17508

    On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable....

    • EPSS Score: 20.96%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-17600

    Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled....

    Affected Products : iwr_1000n_firmware iwr_1000n
    • EPSS Score: 0.20%
    • Published: Oct. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-28187

    Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /incl...

    Affected Products : tos tos
    • EPSS Score: 64.16%
    • Published: Dec. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-8595

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM....

    Affected Products : android
    • EPSS Score: 0.15%
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2009-4912

    Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an H...

    • EPSS Score: 0.66%
    • Published: Jun. 29, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-35466

    The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password....

    Affected Products : blackfire_docker_image
    • EPSS Score: 2.01%
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35468

    The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password....

    Affected Products : streams
    • EPSS Score: 2.01%
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-5220

    Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/t...

    Affected Products : wportfolio
    • EPSS Score: 6.49%
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-3667

    Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, S...

    • EPSS Score: 0.27%
    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-3909

    Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention....

    Affected Products : premisys_id
    • EPSS Score: 1.16%
    • Published: Jan. 18, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1054

    Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors....

    Affected Products : ida
    • EPSS Score: 0.46%
    • Published: Feb. 21, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-8001

    The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account....

    Affected Products : aptus
    • EPSS Score: 0.39%
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9021

    Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer paramete...

    • EPSS Score: 0.32%
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-0342

    There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-160812576...

    Affected Products : android
    • EPSS Score: 0.17%
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-13447

    An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection....

    Affected Products : xpare
    • EPSS Score: 0.24%
    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15623

    This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When ...

    Affected Products : webpanel
    • EPSS Score: 3.18%
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results