Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2010-0276

    IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack... Read more

    • EPSS Score: %0.53
    • Published: Jan. 09, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2019-5617

    Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-lev... Read more

    • EPSS Score: %1.91
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0913

    Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.... Read more

    Affected Products : lotus_domino
    • EPSS Score: %10.61
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-6823

    A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.... Read more

    Affected Products : proclima
    • EPSS Score: %15.51
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8255

    Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : linux_kernel mac_os_x windows brackets
    • EPSS Score: %5.20
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-7148

    A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %2.83
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-7158

    A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %2.83
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-7745

    This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.... Read more

    Affected Products : mintegraladsdk
    • EPSS Score: %0.45
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-8950

    The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.... Read more

    Affected Products : h665_firmware h665
    • EPSS Score: %0.89
    • Published: Feb. 20, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-9863

    Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control... Read more

    • EPSS Score: %0.72
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-1564

    Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigge... Read more

    Affected Products : realwin
    • EPSS Score: %44.56
    • Published: Apr. 05, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-1623

    Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET ses... Read more

    • EPSS Score: %0.43
    • Published: Jun. 02, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-13405

    A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any authentication then take the compromised device as a relay... Read more

    Affected Products : vd_1_firmware vd_1
    • EPSS Score: %0.52
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0804

    The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows... Read more

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Feb. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2021-0265

    An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus gran... Read more

    Affected Products : appformix
    • EPSS Score: %5.43
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-10279

    MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access be... Read more

    • EPSS Score: %0.29
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0838

    Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (me... Read more

    Affected Products : android
    • EPSS Score: %2.23
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-17153

    It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a pass... Read more

    • EPSS Score: %91.65
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-2158

    The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/... Read more

    Affected Products : smarterstats
    • EPSS Score: %2.44
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-24215

    An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/op... Read more

    Affected Products : controlled_admin_access
    • EPSS Score: %37.38
    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results