Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-6570

    The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value... Read more

    • EPSS Score: %0.85
    • Published: Jun. 20, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-0277

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applicatio... Read more

    Affected Products : e-business_suite
    • EPSS Score: %1.45
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0281

    Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.... Read more

    Affected Products : enterpriseone
    • EPSS Score: %1.48
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0303

    Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.... Read more

    Affected Products : joomla
    • EPSS Score: %0.01
    • Published: Jan. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-1163

    This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is... Read more

    Affected Products : netvault_backup
    • EPSS Score: %59.12
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10040

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.... Read more

    • EPSS Score: %1.09
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-7364

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an er... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-1010200

    Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote c... Read more

    Affected Products : voice_builder
    • EPSS Score: %2.39
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-2230

    OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.... Read more

    Affected Products : openelec
    • EPSS Score: %1.64
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-1006

    Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : jrockit jre sdk jdk
    • EPSS Score: %2.71
    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1057

    MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip fi... Read more

    Affected Products : zipitfast\!
    • EPSS Score: %9.70
    • Published: Mar. 24, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-10842

    Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be l... Read more

    Affected Products : bootstrap-sass
    • EPSS Score: %11.77
    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8224

    Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.... Read more

    • EPSS Score: %11.91
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2013-0658

    Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.... Read more

    Affected Products : accutech_manager
    • EPSS Score: %69.61
    • Published: Feb. 15, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-0728

    Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote attackers to execute arbitrary code via a long property value.... Read more

    Affected Products : erdas_apollo_ecwp
    • EPSS Score: %8.95
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-1240

    Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibl... Read more

    • EPSS Score: %0.92
    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2019-11210

    The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls a... Read more

    • EPSS Score: %3.46
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-1422

    Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.... Read more

    • EPSS Score: %2.14
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1472

    The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java cod... Read more

    • EPSS Score: %0.18
    • Published: May. 27, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-9769

    A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.... Read more

    Affected Products : synapse
    • EPSS Score: %77.70
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291589 Results