Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-0889

    In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidV...

    Affected Products : android
    • EPSS Score: %3.66
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-2868

    An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can ove...

    Affected Products : comfortlink_ii_firmware
    • EPSS Score: %7.33
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2012-4334

    The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained ...

    Affected Products : net-i_viewer
    • EPSS Score: %35.69
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-3644

    Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to...

    • EPSS Score: %11.65
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-29499

    The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA....

    Affected Products : mivoice_connect
    • Actively Exploited
    • EPSS Score: %89.83
    • Published: Apr. 26, 2022
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2018-13354

    System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter....

    Affected Products : terramaster_operating_system tos tos
    • EPSS Score: %12.08
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-6997

    Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE...

    • EPSS Score: %0.40
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2013-5932

    Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors....

    • EPSS Score: %0.86
    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-7027

    Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks....

    Affected Products : isa_server
    • EPSS Score: %38.74
    • Published: Feb. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-20591

    Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability....

    • Published: Aug. 13, 2024
    • Modified: Mar. 13, 2025
  • 10.0

    HIGH
    CVE-2018-13858

    MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example....

    • EPSS Score: %1.59
    • Published: Jul. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-13924

    Lack of check to prevent the buffer length taking negative values can lead to stack overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra...

    • EPSS Score: %0.36
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30493

    In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation)....

    Affected Products : automotive_shop_management_system
    • EPSS Score: %2.05
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-13873

    A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can uplo...

    Affected Products : codoforum
    • EPSS Score: %12.78
    • Published: May. 12, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-7132

    Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php....

    Affected Products : phpmydesk
    • EPSS Score: %1.67
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-13925

    Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snap...

    • EPSS Score: %0.46
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-0977

    Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors....

    Affected Products : intravue
    • EPSS Score: %0.78
    • Published: Feb. 27, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2017-18349

    parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP ...

    Affected Products : fastjson pippo
    • EPSS Score: %90.63
    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-12670

    SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection....

    • EPSS Score: %12.49
    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-5368

    Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01....

    Affected Products : e-business_suite
    • EPSS Score: %0.96
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 292318 Results