Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-7664

    An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php....

    Affected Products : clipbucket
    • Published: Mar. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-8865

    In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)....

    Affected Products : ids_2102_firmware ids_2102
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11240

    An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main server...

    Affected Products : t-router_firmware t-router
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11491

    ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution....

    Affected Products : hg100_firmware hg100
    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0620

    Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform con...

    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-11711

    A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that thi...

    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0752

    Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism....

    Affected Products : movable_type
    • Published: Mar. 03, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2017-7213

    Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors....

    Affected Products : manageengine_desktop_central
    • Published: May. 15, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-11535

    Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond th...

    • Published: Jul. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-11536

    Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with ...

    Affected Products : sync3000_firmware sync3000
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-12153

    Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content....

    Affected Products : pdfreactor
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-12776

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and reloc...

    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-6575

    SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms ...

    Affected Products : android
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2009-2111

    Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter....

    Affected Products : db_top_sites
    • Published: Jun. 18, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2019-14110

    Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer size in case of SAP mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elect...

    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10088

    Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725....

    Affected Products : uc-httpd
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2093

    Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands....

    Affected Products : dolibarr_erp\/crm
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1143

    A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi....

    Affected Products : n750_firmware n750
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-1151

    The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi....

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-11682

    Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as ...

    • Published: Jun. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results