Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2011-4157

    Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.... Read more

    • EPSS Score: %32.88
    • Published: Nov. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-3292

    The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : oncommand_workflow_automation
    • EPSS Score: %28.03
    • Published: May. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-25749

    The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account ... Read more

    • EPSS Score: %3.94
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-4944

    Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page.... Read more

    Affected Products : fleetcommander fleetcommander_kiosk
    • EPSS Score: %3.65
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-30924

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-39168

    OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. ... Read more

    • EPSS Score: %0.44
    • Published: Aug. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-2564

    Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function.... Read more

    Affected Products : digital_music_mentor
    • EPSS Score: %6.01
    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3684

    Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606.... Read more

    Affected Products : documentum_applicationxtender
    • EPSS Score: %3.16
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-26338

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system com... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-5409

    AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary... Read more

    Affected Products : sipass_integrated
    • EPSS Score: %35.38
    • Published: Nov. 01, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-3867

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.... Read more

    Affected Products : android
    • EPSS Score: %1.47
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-6852

    CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.... Read more

    Affected Products : tv-288zd-2mp_firmware tv-288zd-2mp
    • EPSS Score: %0.74
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35219

    The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= ... Read more

    Affected Products : dsl-n17u_firmware dsl-n17u
    • EPSS Score: %0.36
    • Published: Jan. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-17932

    A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port ... Read more

    Affected Products : allmediaserver
    • EPSS Score: %77.39
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-13307

    System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: %15.30
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0376

    The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.... Read more

    • EPSS Score: %1.20
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-7170

    A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %2.83
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15181

    The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The probl... Read more

    Affected Products : reset_password
    • EPSS Score: %0.23
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13314

    System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: %15.30
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13316

    System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: %15.30
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results