Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-42077

    PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely comp...

    Affected Products : php_event_calendar
    • EPSS Score: 0.75%
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-42311

    Microsoft Defender for IoT Remote Code Execution Vulnerability...

    Affected Products : defender_for_iot
    • EPSS Score: 2.70%
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-0316

    In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for e...

    Affected Products : android
    • EPSS Score: 5.05%
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-2412

    Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors....

    • EPSS Score: 23.73%
    • Published: Sep. 21, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2021-44632

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request....

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: 0.95%
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-15381

    A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-suppli...

    Affected Products : unity_express
    • EPSS Score: 58.75%
    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20698

    Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 an...

    • EPSS Score: 0.47%
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-20711

    Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors....

    • EPSS Score: 0.65%
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-15484

    An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01....

    • EPSS Score: 6.35%
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-15557

    An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with t...

    Affected Products : web6000q_firmware web6000q
    • EPSS Score: 2.92%
    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10182

    An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters....

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: 49.26%
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-18655

    File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET reques...

    Affected Products : file_sharing_wizard
    • EPSS Score: 43.48%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-3586

    An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel....

    Affected Products : android
    • EPSS Score: 0.18%
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-2256

    Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker...

    • EPSS Score: 2.23%
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-1867

    A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit...

    Affected Products : elastic_services_controller
    • EPSS Score: 21.79%
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10305

    Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default pas...

    • EPSS Score: 0.43%
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-2036

    In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

    Affected Products : android
    • EPSS Score: 0.60%
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-1366

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system command...

    Affected Products : diaenergie
    • EPSS Score: 0.42%
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10381

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location....

    Affected Products : android
    • EPSS Score: 0.25%
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-6890

    Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate....

    Affected Products : matrixssl
    • EPSS Score: 11.16%
    • Published: Jan. 05, 2017
    • Modified: Apr. 12, 2025
Showing 20 of 292316 Results