Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-3253

    Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a c... Read more

    Affected Products : intelligent_management_center
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-16934

    The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a cha... Read more

    Affected Products : web_server
    • Published: Nov. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6079

    The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, ... Read more

    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-8236

    Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.... Read more

    Affected Products : eos
    • Published: Nov. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-5120

    Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.... Read more

    Affected Products : openvms
    • Published: Nov. 18, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-3590

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, a Use After Free condition can occur in RIL while hand... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18129

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be contro... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18135

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, in the Wireless Data Service (WDS) module, a buffer overflow can occur.... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-4023

    An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulti... Read more

    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-2237

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.... Read more

    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2012-4702

    360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session.... Read more

    • Published: Mar. 11, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-4509

    The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass ... Read more

    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-5999

    An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.... Read more

    Affected Products : asuswrt
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-6557

    cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command.... Read more

    Affected Products : webutil
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-9328

    Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.... Read more

    Affected Products : terramaster_operating_system tos tos
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2009-4952

    Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.... Read more

    Affected Products : typo3 dir_listing
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-3186

    ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.... Read more

    Affected Products : camera_firmware
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2008-6973

    Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.... Read more

    Affected Products : websphere_commerce
    • Published: Aug. 13, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-7218

    The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code... Read more

    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-7297

    Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attacker... Read more

    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results