Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2005-3254

    The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum...

    Affected Products : cgiwrap
    • EPSS Score: %0.75
    • Published: Oct. 18, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2014-3205

    backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user....

    • EPSS Score: %1.16
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-5323

    Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter i...

    Affected Products : zenworks_configuration_management
    • EPSS Score: %18.22
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2005-3441

    Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14....

    Affected Products : database_server
    • EPSS Score: %1.53
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-3439

    Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7)...

    Affected Products : database_server
    • EPSS Score: %1.44
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-3456

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 i...

    Affected Products : e-business_suite
    • EPSS Score: %1.53
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2023-31241

    Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright....

    • EPSS Score: %0.01
    • Published: May. 22, 2023
    • Modified: Dec. 09, 2024
  • 10.0

    HIGH
    CVE-2018-7058

    Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web in...

    Affected Products : aruba_clearpass_policy_manager
    • EPSS Score: %0.92
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-42669

    A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ director...

    Affected Products : engineers_online_portal
    • EPSS Score: %44.22
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-21805

    An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trig...

    Affected Products : r-seenet
    • EPSS Score: %92.43
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-14070

    An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access....

    Affected Products : mk-auth
    • EPSS Score: %0.35
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-3696

    Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4....

    Affected Products : mongoose
    • EPSS Score: %0.26
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-5387

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • EPSS Score: %19.03
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2005-2425

    Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string....

    Affected Products : fileshare
    • EPSS Score: %3.78
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2021-1933

    UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...

    • EPSS Score: %0.25
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-5003

    Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659....

    Affected Products : media_composer
    • EPSS Score: %74.71
    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2017-7722

    In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the men...

    • EPSS Score: %49.88
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2023-2138

    Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2....

    Affected Products : nuxt
    • EPSS Score: %0.09
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-14701

    Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...

    Affected Products : sd-wan_aware
    • EPSS Score: %1.79
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-8205

    A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be execu...

    Affected Products : network_advisor
    • EPSS Score: %24.06
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 290978 Results