Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2017-7964

    Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process.... Read more

    Affected Products : wre6505_firmware
    • EPSS Score: %2.71
    • Published: Apr. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8954

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %53.98
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5997

    An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code executi... Read more

    Affected Products : filehub_firmware
    • EPSS Score: %24.86
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-6546

    Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions."... Read more

    Affected Products : phpns
    • EPSS Score: %0.26
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6555

    cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.... Read more

    Affected Products : webutil
    • EPSS Score: %4.90
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6566

    Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.... Read more

    Affected Products : octopussy
    • EPSS Score: %0.43
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6588

    Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.... Read more

    Affected Products : adsl2\/2\+4-port_router
    • EPSS Score: %1.02
    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-3098

    Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.... Read more

    Affected Products : captivate
    • EPSS Score: %15.17
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3222

    Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.... Read more

    Affected Products : amosconnect
    • EPSS Score: %6.12
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-6476

    In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.... Read more

    Affected Products : superantispyware
    • EPSS Score: %0.42
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6823

    In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.... Read more

    Affected Products : shimo
    • EPSS Score: %0.36
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-7300

    Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited... Read more

    • EPSS Score: %12.96
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-0506

    Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : nootka
    • EPSS Score: %1.60
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-5863

    These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dang... Read more

    • EPSS Score: %10.81
    • Published: Nov. 23, 2012
    • Modified: Jul. 08, 2025

  • 10.0

    HIGH
    CVE-2018-0694

    FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : filezen
    • EPSS Score: %2.89
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-7228

    Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101.... Read more

    Affected Products : white_dune
    • EPSS Score: %0.32
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-7230

    Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors.... Read more

    Affected Products : small_footprint_cim_broker
    • EPSS Score: %0.34
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1914

    Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from t... Read more

    Affected Products : bigant_messenger
    • EPSS Score: %87.01
    • Published: Apr. 22, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-6046

    Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.... Read more

    Affected Products : php_enter
    • EPSS Score: %12.63
    • Published: Nov. 27, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-8869

    In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).... Read more

    Affected Products : ids_2102_firmware ids_2102
    • EPSS Score: %0.65
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results