Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2010-4889

    Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.

    Affected Products : typo3 hm_tinymarket
    • EPSS Score: 0.97%
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2015-9266

    The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulner...

    • EPSS Score: 22.96%
    • Published: Sep. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-3047

    The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.

    Affected Products : voip_telephone_adapter
    • EPSS Score: 0.81%
    • Published: Jun. 05, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2003-0095

    Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authen...

    Affected Products : database_server oracle8i oracle9i
    • EPSS Score: 33.07%
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0443

    Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.

    Affected Products : patrol_agent
    • EPSS Score: 1.27%
    • Published: Apr. 01, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2003-0575

    Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.

    Affected Products : irix
    • EPSS Score: 3.45%
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2017-2868

    An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packe...

    Affected Products : xltek_neuroworks
    • EPSS Score: 2.00%
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2003-0560

    SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.

    Affected Products : vp-asp
    • EPSS Score: 0.59%
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2018-20718

    In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for c...

    Affected Products : pydio
    • EPSS Score: 9.39%
    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-1001

    Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.

    Affected Products : scada_web_server
    • EPSS Score: 1.35%
    • Published: Oct. 25, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-9551

    An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.

    • EPSS Score: 7.37%
    • Published: Nov. 24, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22502

    Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.

    Affected Products : operation_bridge_reporter
    • Actively Exploited
    • EPSS Score: 93.98%
    • Published: Feb. 08, 2021
    • Modified: Mar. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2363

    Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

    Affected Products : itemiser_3
    • EPSS Score: 0.62%
    • Published: Jul. 26, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2004-0040

    Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.

    Affected Products : vpn-1 firewall-1 vpn-1_firewall-1
    • EPSS Score: 25.88%
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2004-0168

    Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: 1.22%
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2013-6952

    The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.

    Affected Products : wemo_home_automation_firmware
    • EPSS Score: 4.64%
    • Published: Feb. 22, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-3573

    HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.

    Affected Products : insight_diagnostics
    • EPSS Score: 0.90%
    • Published: Jun. 14, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-19839

    emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.

    • EPSS Score: 4.27%
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-6774

    Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x ...

    • EPSS Score: 0.37%
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2013-7405

    The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on ...

    Affected Products : centricity_dms
    • EPSS Score: 0.43%
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 290943 Results