Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2008-4910

    The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method....

    Affected Products : java_web_start
    • EPSS Score: 3.17%
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-5045

    Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long....

    Affected Products : ftp_now
    • EPSS Score: 4.36%
    • Published: Nov. 13, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-4526

    Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and ...

    Affected Products : ccms
    • EPSS Score: 1.98%
    • Published: Oct. 09, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-5279

    The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source ac...

    Affected Products : zim_server
    • EPSS Score: 5.93%
    • Published: Nov. 29, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-3785

    A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter....

    Affected Products : git-dummy-commit
    • EPSS Score: 3.58%
    • Published: Aug. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-18136

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD...

    • EPSS Score: 0.26%
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-5866

    The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables....

    Affected Products : tsunami_mp.11_2411
    • EPSS Score: 0.81%
    • Published: Jan. 07, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-5399

    The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. Th...

    • EPSS Score: 0.20%
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5447

    An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resource...

    Affected Products : pcs-9611_firmware pcs-9611
    • EPSS Score: 0.41%
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8218

    vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password....

    Affected Products : c2_firmware c20i_firmware c2 c20i
    • EPSS Score: 0.90%
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-6520

    Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI ...

    Affected Products : xitami
    • EPSS Score: 3.19%
    • Published: Mar. 25, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6916

    Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname....

    Affected Products : speedstream_5200 netport_software
    • EPSS Score: 3.65%
    • Published: Aug. 07, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-6911

    The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter)....

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: 30.19%
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7121

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • EPSS Score: 43.84%
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-3853

    A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual i...

    Affected Products : iox
    • EPSS Score: 1.37%
    • Published: Mar. 22, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-7081

    userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details ...

    Affected Products : icy_box_nas
    • EPSS Score: 0.34%
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-0514

    MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors....

    Affected Products : mp_form_mail_cgi
    • EPSS Score: 2.22%
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7756

    RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that ...

    Affected Products : dewesoft
    • EPSS Score: 45.88%
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7715

    PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and sen...

    Affected Products : privatevpn
    • EPSS Score: 0.73%
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1000043

    Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This at...

    Affected Products : squert
    • EPSS Score: 2.31%
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290954 Results