Latest CVE Feed
-
10.0
CRITICAL CVE-2019-13411
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
- EPSS Score: 0.42%
- Published: Oct. 17, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-45496
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
- EPSS Score: 0.18%
- Published: Dec. 26, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2019-2332
Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware +82 more products
- EPSS Score: 0.33%
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-10845
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.
- EPSS Score: 2.64%
- Published: Sep. 15, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2010-3038
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or ...
- EPSS Score: 1.73%
- Published: Nov. 22, 2010
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2019-18184
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
- EPSS Score: 21.33%
- Published: Nov. 27, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-15808
POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code o...
Affected Products : evo
- EPSS Score: 0.77%
- Published: Aug. 23, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2012-4708
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
Affected Products : codesys_gateway-server
- EPSS Score: 9.35%
- Published: Feb. 24, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2010-1518
Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument.
Affected Products : dldrv2_activex_control
- EPSS Score: 2.99%
- Published: Aug. 02, 2010
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2017-11394
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-...
Affected Products : officescan
- EPSS Score: 78.47%
- Published: Aug. 03, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2018-16184
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execu...
Affected Products : d2200_firmware d5500_firmware d5510_firmware d5520_firmware d6500_firmware d6510_firmware d7500_firmware d8400_firmware d2200 d5500 +6 more products
- EPSS Score: 4.36%
- Published: Jan. 09, 2019
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with...
Affected Products : catalyst_pon_switch_cgp-ont-1p_firmware catalyst_pon_switch_cgp-ont-4p_firmware catalyst_pon_switch_cgp-ont-4pvc_firmware catalyst_pon_switch_cgp-ont-4tvcw_firmware catalyst_pon_switch_cgp-ont-4pv_firmware catalyst_pon_switch_cgp-ont-1p catalyst_pon_switch_cgp-ont-4p catalyst_pon_switch_cgp-ont-4pvc catalyst_pon_switch_cgp-ont-4tvcw catalyst_pon_switch_cgp-ont-4pv
- EPSS Score: 13.67%
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact...
- Published: May. 21, 2024
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-10871
Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.
- EPSS Score: 0.64%
- Published: Nov. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2014-9353
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
Affected Products : oncommand_balance
- EPSS Score: 1.30%
- Published: Feb. 06, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGH CVE-2008-0530
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.
- EPSS Score: 9.71%
- Published: Feb. 15, 2008
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2002-0626
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
- EPSS Score: 0.48%
- Published: Jan. 07, 2003
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-2011-3290
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
- EPSS Score: 1.50%
- Published: Sep. 21, 2011
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2015-7709
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
Affected Products : western_digital_arkeia
- EPSS Score: 87.83%
- Published: Oct. 05, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGH CVE-2019-11353
The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firm...
- EPSS Score: 2.90%
- Published: May. 09, 2019
- Modified: Nov. 21, 2024