Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2018-1000837

    UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugi... Read more

    Affected Products : uml_designer
    • EPSS Score: %0.24
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-6299

    Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.... Read more

    Affected Products : identityminder
    • EPSS Score: %1.38
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-17411

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in t... Read more

    Affected Products : wvbr0_firmware wvbr0
    • EPSS Score: %92.16
    • Published: Dec. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-10635

    In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may ... Read more

    Affected Products : cb3.1_firmware cb3.1
    • EPSS Score: %3.35
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-0276

    Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4) OCS04, 5) OCS05, 6) OCS06, 7) OCS07, (8) O... Read more

    Affected Products : collaboration_suite
    • EPSS Score: %2.20
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2012-6570

    The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value... Read more

    • EPSS Score: %0.85
    • Published: Jun. 20, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-0277

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applicatio... Read more

    Affected Products : e-business_suite
    • EPSS Score: %1.45
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0281

    Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.... Read more

    Affected Products : enterpriseone
    • EPSS Score: %1.48
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0303

    Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.... Read more

    Affected Products : joomla
    • EPSS Score: %0.01
    • Published: Jan. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-1163

    This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is... Read more

    Affected Products : netvault_backup
    • EPSS Score: %60.14
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10040

    The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.... Read more

    • EPSS Score: %1.09
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-7364

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an er... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-1010200

    Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote c... Read more

    Affected Products : voice_builder
    • EPSS Score: %2.39
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-2230

    OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.... Read more

    Affected Products : openelec
    • EPSS Score: %1.64
    • Published: Feb. 08, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-1006

    Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : jrockit jre sdk jdk
    • EPSS Score: %2.71
    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1057

    MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip fi... Read more

    Affected Products : zipitfast\!
    • EPSS Score: %9.70
    • Published: Mar. 24, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-10842

    Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be l... Read more

    Affected Products : bootstrap-sass
    • EPSS Score: %11.77
    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8224

    Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.... Read more

    • EPSS Score: %11.91
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2013-0658

    Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.... Read more

    Affected Products : accutech_manager
    • EPSS Score: %69.61
    • Published: Feb. 15, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-0728

    Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote attackers to execute arbitrary code via a long property value.... Read more

    Affected Products : erdas_apollo_ecwp
    • EPSS Score: %8.95
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 290954 Results