Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-3685

    Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via dir... Read more

    • EPSS Score: %0.70
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2021-21242

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Ser... Read more

    Affected Products : onedev
    • EPSS Score: %40.37
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-15497

    The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in... Read more

    • EPSS Score: %9.36
    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10178

    An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.... Read more

    Affected Products : dwr-932b_firmware dwr-932b
    • EPSS Score: %22.25
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-3594

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 82... Read more

    • EPSS Score: %0.26
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-7457

    Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2021-24026

    A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 coul... Read more

    Affected Products : whatsapp whatsapp_business
    • EPSS Score: %0.44
    • Published: Apr. 06, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-3991

    An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacke... Read more

    • EPSS Score: %60.54
    • Published: Feb. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3496

    service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.... Read more

    Affected Products : scadapro scadapro_server
    • EPSS Score: %11.87
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-31324

    The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.... Read more

    Affected Products : webpanel
    • EPSS Score: %82.33
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10481

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205,... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-2430

    IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %2.07
    • Published: May. 17, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-20173

    Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-25981

    In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, ... Read more

    Affected Products : talkyard
    • EPSS Score: %2.10
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-5162

    An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.... Read more

    • EPSS Score: %60.06
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-0683

    The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication reque... Read more

    • EPSS Score: %29.44
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-3031

    Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service.... Read more

    Affected Products : thinos_hf
    • EPSS Score: %3.31
    • Published: Aug. 17, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-33266

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.... Read more

    Affected Products : dir-809_firmware dir-809
    • EPSS Score: %2.55
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-4984

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an a... Read more

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • EPSS Score: %3.51
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2021-33841

    SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.... Read more

    Affected Products : sge-plc1000_firmware sge-plc1000
    • EPSS Score: %1.48
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291890 Results