Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-21505

    Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to th...

    • Published: May. 06, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-39720

    Product: Android. Versions: Android kernel. Android ID: A-207433926. References: N/A...

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-6969

    It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations....

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-6963

    In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, ...

    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-4982

    Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the arg...

    Affected Products : qrcode_activex
    • Published: Sep. 19, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2012-4697

    TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session....

    • Published: May. 23, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-1635

    Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter....

    • Published: Nov. 12, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-7985

    Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php....

    Affected Products : espocrm
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-5053

    The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attack...

    Affected Products : gpu_driver
    • Published: Nov. 24, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-11081

    A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server....

    Affected Products : sidexis
    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-21268

    The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command ...

    Affected Products : traceroute
    • Published: Jun. 25, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-9458

    Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors....

    Affected Products : ida
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2010-0140

    Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to ...

    Affected Products : unified_meetingplace
    • Published: Jan. 28, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2002-2236

    Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code....

    Affected Products : apt-www-proxy
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2021-43984

    mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter....

    Affected Products : mypro
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-7292

    Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv....

    Affected Products : fire_os
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-2832

    Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request ...

    Affected Products : aspwebcalendar2008
    • Published: Jun. 24, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2014-0604

    Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method....

    Affected Products : reflection_ftp_client
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2017-18145

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework e...

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-0824

    Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors....

    Affected Products : caroline
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293437 Results