Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-14052

    u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Musi... Read more

    • EPSS Score: %0.33
    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-14083

    While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow in Snapdragon Auto, Snapdragon C... Read more

    • EPSS Score: %0.40
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-25024

    OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.... Read more

    Affected Products : openrepeater
    • EPSS Score: %43.08
    • Published: Feb. 19, 2021
    • Modified: Apr. 16, 2025

  • 10.0

    HIGH
    CVE-2019-14451

    RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configura... Read more

    Affected Products : repetier-server
    • EPSS Score: %3.75
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-3416

    All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system.... Read more

    Affected Products : zxv10_b860a_firmware zxv10_b860a
    • EPSS Score: %0.16
    • Published: Sep. 23, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-7792

    Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.... Read more

    Affected Products : cg-wlbargs_firmware
    • EPSS Score: %3.03
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7828

    SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6)... Read more

    Affected Products : hana
    • EPSS Score: %3.56
    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2019-16649

    On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured cred... Read more

    • EPSS Score: %0.14
    • Published: Sep. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-5485

    NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.... Read more

    Affected Products : gitlabhook
    • EPSS Score: %53.86
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-16736

    A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.... Read more

    • EPSS Score: %2.82
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-17211

    An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_... Read more

    Affected Products : mbed mbed
    • EPSS Score: %1.16
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-5367

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %20.37
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-1038

    Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.... Read more

    Affected Products : securecrt securefx
    • EPSS Score: %3.33
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-26879

    Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.... Read more

    Affected Products : ruckus_vriot ruckus_iot_module
    • EPSS Score: %89.45
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-3987

    The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.... Read more

    Affected Products : password_manager
    • EPSS Score: %43.15
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-2126

    WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.... Read more

    • EPSS Score: %13.46
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2142

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • EPSS Score: %2.79
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-18780

    An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earli... Read more

    • EPSS Score: %6.40
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-27744

    An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.... Read more

    • EPSS Score: %10.41
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-7214

    SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying ... Read more

    Affected Products : smartermail
    • EPSS Score: %82.90
    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 290957 Results