Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-10498

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, S... Read more

    • EPSS Score: %0.38
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-4388

    2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.... Read more

    Affected Products : 1701hg_router 2071_router
    • EPSS Score: %0.33
    • Published: Aug. 17, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-4473

    Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probab... Read more

    Affected Products : opc_server
    • EPSS Score: %15.18
    • Published: Dec. 17, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3795

    Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."... Read more

    Affected Products : ws_ftp_home
    • EPSS Score: %3.05
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2204

    Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrate... Read more

    Affected Products : iphone_os
    • EPSS Score: %18.69
    • Published: Aug. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-3870

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.... Read more

    Affected Products : android
    • EPSS Score: %1.04
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-14908

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2009-2368

    Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.... Read more

    Affected Products : ss5
    • EPSS Score: %0.41
    • Published: Jul. 08, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-4188

    Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."... Read more

    Affected Products : secure_directory
    • EPSS Score: %3.48
    • Published: Sep. 23, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-1398

    Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex.gowidget.weibowidget) application 2.4 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android go_weibowidget
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1403

    Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.browser.cn) application 6.3.1 and 7.2.1 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android dolphin_browser_cn
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-20218

    An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform comman... Read more

    • EPSS Score: %36.86
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4296

    The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access.... Read more

    Affected Products : linksys_wrt350n
    • EPSS Score: %0.80
    • Published: Sep. 27, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-1404

    Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android dolphin_browser_mini
    • EPSS Score: %0.33
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-2667

    Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."... Read more

    Affected Products : tklm
    • EPSS Score: %0.51
    • Published: Aug. 05, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2741

    Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : websphere_business_events
    • EPSS Score: %2.68
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-4910

    The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.... Read more

    Affected Products : java_web_start
    • EPSS Score: %3.17
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5045

    Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long.... Read more

    Affected Products : ftp_now
    • EPSS Score: %4.36
    • Published: Nov. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-4526

    Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and ... Read more

    Affected Products : ccms
    • EPSS Score: %1.98
    • Published: Oct. 09, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5279

    The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source ac... Read more

    Affected Products : zim_server
    • EPSS Score: %5.93
    • Published: Nov. 29, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291562 Results