Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-18133

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, an out of bound access for ebi channel array can potentially occur....

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7167

    A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7168

    A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-7029

    Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors....

    Affected Products : airport_base_station_firmware
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-7825

    A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll modu...

    Affected Products : miplatform
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7980

    Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed....

    Affected Products : aptus_web
    • Published: Jan. 25, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8010

    CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system....

    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8234

    A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection....

    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-0451

    Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452....

    Affected Products : goldengate
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-15489

    An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges....

    Affected Products : wl-wn530hg4_firmware wl-wn530hg4
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1919

    Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP mes...

    • Published: Nov. 02, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2016-0840

    Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal...

    Affected Products : android
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-1972

    Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdra...

    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45090

    Stormshield Endpoint Security before 2.1.2 allows remote code execution....

    Affected Products : endpoint_security
    • Published: Dec. 21, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46198

    An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app....

    Affected Products : courier_management_system
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26754

    wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection....

    Affected Products : wpdatatables
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27171

    An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell)....

    Affected Products : hg6245d_firmware hg6245d
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-27329

    Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names....

    Affected Products : friendica frendica
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-7287

    MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme....

    Affected Products : sentry virtual_smartphone_platform
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27691

    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS comm...

    Affected Products : g0_firmware g1_firmware g3_firmware g3 g0 g1
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results