Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-12327

    Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed.... Read more

    Affected Products : sp-r50p_firmware sp-r50p
    • EPSS Score: %0.82
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-9156

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD ... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3270

    PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.... Read more

    Affected Products : phpmyinventory
    • EPSS Score: %3.16
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2019-0022

    Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.... Read more

    • EPSS Score: %0.41
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3465

    Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.... Read more

    Affected Products : safe_at_office_500_utm
    • EPSS Score: %0.34
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-5400

    An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.... Read more

    Affected Products : platform_symphony
    • EPSS Score: %3.58
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-11295

    An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : dng_converter
    • EPSS Score: %4.76
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-12971

    BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload of a File with a Dangerous Type.... Read more

    • EPSS Score: %0.72
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-1361

    Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.... Read more

    • EPSS Score: %0.92
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2019-13197

    Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the ... Read more

    • EPSS Score: %0.26
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-18395

    Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.... Read more

    Affected Products : thingspro
    • EPSS Score: %0.36
    • Published: Oct. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-20164

    Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A... Read more

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-3629

    SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inform... Read more

    Affected Products : levent_veysi_portal
    • EPSS Score: %0.35
    • Published: Jul. 09, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-3060

    Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.... Read more

    • EPSS Score: %2.40
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2021-21913

    An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.... Read more

    Affected Products : dir-3040_firmware dir-3040
    • EPSS Score: %0.69
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6210

    D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.... Read more

    Affected Products : dir-620_firmware dir-620
    • EPSS Score: %1.40
    • Published: Jun. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-2679

    Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process.... Read more

    Affected Products : process_explorer
    • EPSS Score: %1.23
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0745

    Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.... Read more

    Affected Products : aix
    • EPSS Score: %25.84
    • Published: Aug. 18, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1254

    Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.... Read more

    Affected Products : mxtreme
    • EPSS Score: %2.56
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0278

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS02 in the (a) CRM Technical Foundation component; (2) APPS03 in the (b) iProcurement ... Read more

    Affected Products : e-business_suite
    • EPSS Score: %1.81
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 292317 Results