Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2013-10040

    ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Onc...

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
  • 10.0

    HIGH
    CVE-2017-9483

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands...

    • EPSS Score: 0.72%
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2009-1592

    Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long banner. NOTE: this might overlap CVE-2003-1368....

    Affected Products : 32bit_ftp
    • EPSS Score: 22.34%
    • Published: May. 08, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2019-11949

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09....

    Affected Products : intelligent_management_center
    • EPSS Score: 19.03%
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-8768

    Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: fol...

    Affected Products : sourcetree
    • EPSS Score: 8.53%
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2010-2102

    Buffer overflow in Webby Webserver 1.01 allows remote attackers to execute arbitrary code via a long HTTP GET request....

    Affected Products : webby_webserver
    • EPSS Score: 7.57%
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-1745

    Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access....

    Affected Products : profense_web_application_firewall
    • EPSS Score: 0.76%
    • Published: May. 21, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2012-6275

    Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request....

    Affected Products : bigant_im_message_server
    • EPSS Score: 72.88%
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2008-4631

    Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these deta...

    Affected Products : muscle
    • EPSS Score: 3.22%
    • Published: Oct. 21, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1783

    Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attac...

    • EPSS Score: 0.41%
    • Published: May. 22, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2018-0222

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to th...

    • EPSS Score: 1.90%
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-2429

    libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cau...

    Affected Products : android
    • EPSS Score: 1.22%
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6603

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354....

    Affected Products : android
    • EPSS Score: 3.76%
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-6636

    mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670....

    Affected Products : android
    • EPSS Score: 1.22%
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-1000804

    contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable ...

    Affected Products : contiki-ng
    • EPSS Score: 11.47%
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-1000822

    codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via spec...

    Affected Products : fess
    • EPSS Score: 0.24%
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-1000830

    XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning....

    Affected Products : xr3player
    • EPSS Score: 0.24%
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-2227

    Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810....

    Affected Products : bopup_communication_server
    • EPSS Score: 72.38%
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-10251

    A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9.3 could allow an unauthenticated remote attacker to execute arbitr...

    Affected Products : aleos es440 es450 gx400 gx440 gx450 ls300 rv50 rv50x mp70 +1 more products
    • EPSS Score: 0.08%
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-2357

    The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system....

    Affected Products : tekradius
    • EPSS Score: 0.65%
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 290958 Results