Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-8551

    The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via craft... Read more

    • EPSS Score: %5.81
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9134

    Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.... Read more

    • EPSS Score: %3.75
    • Published: Dec. 03, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5081

    ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.... Read more

    Affected Products : zp-ibh-13w zp-ne-14-s
    • EPSS Score: %0.88
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5365

    Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.... Read more

    Affected Products : honor_ws851_firmware honor_ws851
    • EPSS Score: %1.69
    • Published: Jun. 14, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5675

    handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPSer... Read more

    • EPSS Score: %73.06
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6551

    Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device.... Read more

    • EPSS Score: %0.65
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-0368

    Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.... Read more

    Affected Products : mbse-bbs
    • EPSS Score: %1.84
    • Published: Jan. 19, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2016-7110

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.... Read more

    Affected Products : uma
    • EPSS Score: %1.75
    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2016-8938

    IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.... Read more

    Affected Products : urbancode_deploy
    • EPSS Score: %0.82
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-5998

    Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command.... Read more

    Affected Products : impero_education_pro
    • EPSS Score: %0.55
    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-10902

    PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : ptw-wms1_firmware ptw-wms1
    • EPSS Score: %2.11
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2015-8267

    The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.... Read more

    Affected Products : ad_self_password_reset
    • EPSS Score: %0.58
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-12787

    A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when... Read more

    Affected Products : noviware
    • EPSS Score: %35.14
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2012-1808

    The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors.... Read more

    • EPSS Score: %0.57
    • Published: Apr. 13, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-3499

    Unspecified vulnerability in "a page in the workarea folder" in Ektron CMS400.NET 7.00 through 7.04 and 7.50 through 7.52 has unknown impact and attack vectors.... Read more

    Affected Products : cms4000.net
    • EPSS Score: %0.40
    • Published: Aug. 06, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-1830

    Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.... Read more

    Affected Products : kinghistorian kingview
    • EPSS Score: %14.41
    • Published: Jul. 05, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-9063

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client.... Read more

    Affected Products : android
    • EPSS Score: %0.25
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-13267

    In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • EPSS Score: %3.01
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-2284

    userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.... Read more

    Affected Products : firewall_security_manager
    • EPSS Score: %80.89
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-9141

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD ... Read more

    • EPSS Score: %0.23
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results