Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2025-22504

    Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server. This issue affects 4ECPS Web Forms: from n/a through 0.2.18....

    Affected Products : 4ecps_web_forms
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
  • 10.0

    HIGH
    CVE-2020-35187

    The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root ac...

    Affected Products : telegraf
    • EPSS Score: 2.01%
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-31211

    An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default....

    Affected Products : iray-a8z3_firmware iray-a8z3
    • EPSS Score: 0.40%
    • Published: Jul. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-7104

    A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02....

    • EPSS Score: 21.54%
    • Published: Sep. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35464

    Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password....

    Affected Products : cloud_agent
    • EPSS Score: 2.01%
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26854

    Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access...

    • EPSS Score: 0.20%
    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-0930

    The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session....

    Affected Products : hvg_video_gateway_firmware hvg400
    • EPSS Score: 0.60%
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-0575

    In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration....

    Affected Products : android
    • EPSS Score: 0.08%
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2019-13165

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute...

    Affected Products : phaser_3320_firmware phaser_3320
    • EPSS Score: 1.28%
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-35665

    An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation....

    Affected Products : terramaster_operating_system tos tos
    • EPSS Score: 89.37%
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26996

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted ...

    Affected Products : arris_tr3300_firmware arris_tr3300
    • EPSS Score: 14.22%
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-3336

    Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different ...

    Affected Products : database_server
    • EPSS Score: 28.95%
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2015-1006

    A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4...

    • EPSS Score: 1.26%
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-3572

    In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device....

    • EPSS Score: 0.71%
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-10988

    A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device....

    Affected Products : ac15_firmware ac15
    • EPSS Score: 6.40%
    • Published: Jul. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-6694

    GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, ...

    • EPSS Score: 0.62%
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-7800

    A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device....

    • EPSS Score: 1.17%
    • Published: Dec. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8964

    TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xM...

    • EPSS Score: 2.93%
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-9026

    ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected....

    • EPSS Score: 3.19%
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-8459

    Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462....

    Affected Products : android linux_kernel
    • EPSS Score: 0.59%
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025