Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-7158

    A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %2.83
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-7745

    This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.... Read more

    Affected Products : mintegraladsdk
    • EPSS Score: %0.45
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8950

    The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.... Read more

    Affected Products : h665_firmware h665
    • EPSS Score: %0.89
    • Published: Feb. 20, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-9863

    Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control... Read more

    • EPSS Score: %0.72
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-1564

    Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigge... Read more

    Affected Products : realwin
    • EPSS Score: %44.56
    • Published: Apr. 05, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-1623

    Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET ses... Read more

    • EPSS Score: %0.43
    • Published: Jun. 02, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-13405

    A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay... Read more

    Affected Products : vd_1_firmware vd_1
    • EPSS Score: %0.52
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0804

    The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2021-0265

    An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus gran... Read more

    Affected Products : appformix
    • EPSS Score: %5.43
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-10279

    MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access be... Read more

    • EPSS Score: %0.29
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0838

    Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (me... Read more

    Affected Products : android
    • EPSS Score: %2.23
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-17153

    It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a pass... Read more

    • EPSS Score: %91.65
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-2158

    The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/... Read more

    Affected Products : smarterstats
    • EPSS Score: %2.44
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-24215

    An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/op... Read more

    Affected Products : controlled_admin_access
    • EPSS Score: %37.38
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-15137

    CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the ... Read more

    Affected Products : clr-m20_firmware clr-m20
    • EPSS Score: %26.16
    • Published: Aug. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1965

    Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking... Read more

    • EPSS Score: %27.45
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-0768

    Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.... Read more

    Affected Products : goodtech_telnet_server
    • EPSS Score: %75.36
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2021-46201

    An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node.... Read more

    Affected Products : online_resort_management_system
    • EPSS Score: %0.33
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-7173

    Belkin n750 routers have a buffer overflow.... Read more

    Affected Products : n750_firmware n750
    • EPSS Score: %0.45
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-15477

    myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.... Read more

    Affected Products : wifi_switch_firmware wifi_switch
    • EPSS Score: %0.38
    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291898 Results