Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-10170

    NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly expose... Read more

    Affected Products : nordvpn
    • EPSS Score: %0.61
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-9285

    Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010... Read more

    • EPSS Score: %8.42
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-8661

    The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    • EPSS Score: %4.50
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-1385

    Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android netease_weibohd
    • EPSS Score: %0.43
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-1763

    Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name.... Read more

    Affected Products : hahtsite_scenario_server
    • EPSS Score: %22.36
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-11228

    Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).... Read more

    • EPSS Score: %9.09
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-6548

    Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-... Read more

    Affected Products : rt-ac53_firmware rt-ac53
    • EPSS Score: %48.34
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6553

    Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.... Read more

    Affected Products : privilege_manager_for_unix
    • EPSS Score: %74.04
    • Published: Apr. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2007-1666

    The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.... Read more

    Affected Products : ida_pro
    • EPSS Score: %3.82
    • Published: Mar. 24, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2017-2853

    An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker ca... Read more

    Affected Products : xltek_neuroworks
    • EPSS Score: %1.86
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-11949

    Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM89... Read more

    • EPSS Score: %0.27
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-4611

    Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.... Read more

    Affected Products : redcap redcap
    • EPSS Score: %1.30
    • Published: Jun. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-1010298

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.... Read more

    Affected Products : op-tee
    • EPSS Score: %5.46
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2002-1659

    user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.... Read more

    Affected Products : portalapp
    • EPSS Score: %0.35
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2019-10588

    Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon M... Read more

    • EPSS Score: %0.36
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8415

    An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operat... Read more

    • EPSS Score: %2.94
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-8794

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:... Read more

    Affected Products : file_transfer_appliance
    • EPSS Score: %0.32
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8957

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %53.98
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-1477

    The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt htt... Read more

    • EPSS Score: %0.82
    • Published: May. 27, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-14078

    Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).... Read more

    Affected Products : smart_hp_wmt
    • EPSS Score: %1.54
    • Published: Aug. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results