Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2007-5791

    The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial ...

    Affected Products : motorola_phone_adapter_vt2142-vd
    • EPSS Score: %3.65
    • Published: Nov. 01, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2021-20618

    Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on...

    Affected Products : acmailer acmailer_db
    • EPSS Score: %2.51
    • Published: Jan. 14, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-2149

    Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges ...

    Affected Products : chatness
    • EPSS Score: %0.94
    • Published: Apr. 19, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-2355

    The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL....

    Affected Products : server3
    • EPSS Score: %9.25
    • Published: Apr. 30, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7225

    Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151....

    Affected Products : wac_server
    • EPSS Score: %2.19
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-3093

    Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. Howe...

    Affected Products : asus_wl-500w
    • EPSS Score: %0.40
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2016-7489

    Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution....

    Affected Products : virtual_machine
    • EPSS Score: %0.89
    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2008-7170

    GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet....

    Affected Products : gsc
    • EPSS Score: %3.32
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2015-3964

    SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors....

    Affected Products : webbox_firmware
    • EPSS Score: %0.91
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-5358

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • EPSS Score: %19.03
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-6600

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938....

    Affected Products : android
    • EPSS Score: %1.47
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2006-6259

    Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read ar...

    Affected Products : alternc
    • EPSS Score: %3.04
    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-6841

    D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter....

    Affected Products : dch-m225_firmware dch-m225
    • EPSS Score: %10.17
    • Published: Feb. 21, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2023-25910

    A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a databas...

    • EPSS Score: %0.44
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-31137

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processi...

    Affected Products : roxy-wi
    • EPSS Score: %94.00
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-2324

    When ADSP is compromised, the audio port index that's returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, S...

    • EPSS Score: %0.25
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-6962

    In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central S...

    • EPSS Score: %0.19
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10760

    On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter....

    • EPSS Score: %6.63
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2015-2692

    AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters....

    Affected Products : adblock
    • EPSS Score: %0.62
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-4650

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors....

    Affected Products : clearpass_policy_manager
    • EPSS Score: %5.49
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 290954 Results