Latest CVE Feed
- 10.0 HIGH CVE-2010-4889
Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
- EPSS Score: 0.97%
- Published: Oct. 07, 2011
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2015-9266
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulner...
- Affected Products: airmax_ac_firmware airmax_m_xm_firmware airmax_m_xw_firmware airmax_m_ti_firmware airgateway_firmware airfiber_af24_firmware airfiber_af24hd_firmware af5x_firmware af5_firmware airos_4_xs2 +13 more products
- EPSS Score: 22.96%
- Published: Sep. 05, 2018
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2007-3047
The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.
- Affected Products: voip_telephone_adapter
- EPSS Score: 0.81%
- Published: Jun. 05, 2007
- Modified: Apr. 09, 2025
- 10.0 HIGH CVE-2003-0095
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authen...
- EPSS Score: 33.07%
- Published: Mar. 03, 2003
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-1999-0443
Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.
- Affected Products: patrol_agent
- EPSS Score: 1.27%
- Published: Apr. 01, 1999
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2003-0575
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
- Affected Products: irix
- EPSS Score: 3.45%
- Published: Aug. 27, 2003
- Modified: Apr. 03, 2025
- 10.0 CRITICAL CVE-2017-2868
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packe...
- Affected Products: xltek_neuroworks
- EPSS Score: 2.00%
- Published: Apr. 05, 2018
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2003-0560
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
- Affected Products: vp-asp
- EPSS Score: 0.59%
- Published: Aug. 18, 2003
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2018-20718
In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for c...
- Affected Products: pydio
- EPSS Score: 9.39%
- Published: Jan. 15, 2019
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2015-1001
Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.
- Affected Products: scada_web_server
- EPSS Score: 1.35%
- Published: Oct. 25, 2015
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2015-9551
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.
- Affected Products: n300rh-v3_firmware a850r-v1_firmware f1-v2_firmware f2-v1_firmware n150rt-v2_firmware n151rt-v2_firmware n300rh-v2_firmware n300rt-v2_firmware a850r-v1 f1-v2 +6 more products
- EPSS Score: 7.37%
- Published: Nov. 24, 2020
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-22502
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
- Affected Products: operation_bridge_reporter
- Actively Exploited
- EPSS Score: 93.98%
- Published: Feb. 08, 2021
- Modified: Mar. 12, 2025
- 10.0 HIGH CVE-2014-2363
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.
- Affected Products: itemiser_3
- EPSS Score: 0.62%
- Published: Jul. 26, 2014
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2004-0040
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
- EPSS Score: 25.88%
- Published: Mar. 03, 2004
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2004-0168
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
- EPSS Score: 1.22%
- Published: Mar. 15, 2004
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2013-6952
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
- Affected Products: wemo_home_automation_firmware
- EPSS Score: 4.64%
- Published: Feb. 22, 2014
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2013-3573
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
- Affected Products: insight_diagnostics
- EPSS Score: 0.90%
- Published: Jun. 14, 2013
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2019-19839
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
- Affected Products: zonedirector_1200_firmware unleashed r310 zonedirector_1200 h320 h510 r710 r720 t610 r510 +7 more products
- EPSS Score: 4.27%
- Published: Jan. 23, 2020
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2013-6774
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x ...
- EPSS Score: 0.37%
- Published: Mar. 31, 2014
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2013-7405
The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on ...
- Affected Products: centricity_dms
- EPSS Score: 0.43%
- Published: Aug. 04, 2015
- Modified: Apr. 12, 2025