Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-7297

    Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.... Read more

    Affected Products : enfold
    • EPSS Score: %1.54
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3864

    Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE:... Read more

    Affected Products : android
    • EPSS Score: %84.44
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3868

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.... Read more

    Affected Products : android
    • EPSS Score: %4.36
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3875

    libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.... Read more

    Affected Products : android
    • EPSS Score: %2.36
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-9683

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component... Read more

    • EPSS Score: %21.97
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-9966

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.49
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7915

    Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.... Read more

    Affected Products : android
    • EPSS Score: %0.22
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8687

    Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.... Read more

    Affected Products : business_nas_firmware business_nas
    • EPSS Score: %49.87
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2005-4448

    FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813)... Read more

    Affected Products : flatnuke
    • EPSS Score: %0.62
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-9002

    Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.... Read more

    Affected Products : xprintserver
    • EPSS Score: %3.81
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2004-0953

    Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username.... Read more

    Affected Products : jabber_server
    • EPSS Score: %9.86
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-9968

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.... Read more

    Affected Products : android
    • EPSS Score: %0.19
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-9973

    In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-9978

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.... Read more

    Affected Products : android
    • EPSS Score: %0.19
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-9979

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-9977

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.... Read more

    Affected Products : android
    • EPSS Score: %0.19
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-6459

    Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.... Read more

    Affected Products : mds_pulsenet
    • EPSS Score: %1.85
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7251

    ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.... Read more

    • EPSS Score: %23.04
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7280

    The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.... Read more

    Affected Products : wrt300n-dd_firmware wrt300n-dd
    • EPSS Score: %0.76
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-1268

    The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password.... Read more

    Affected Products : wrt54g wrt54g_firmware
    • EPSS Score: %1.06
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 290943 Results