Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2008-2638

    Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php....

    Affected Products: 1-book
    • EPSS Score: 4.65%
    • Published: Jun. 10, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2013-3609

    The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScri...

    • EPSS Score: 3.05%
    • Published: Sep. 08, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2008-2689

    PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter....

    Affected Products: browsercrm
    • EPSS Score: 13.09%
    • Published: Jun. 13, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2019-3918

    The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces....

    • EPSS Score: 0.35%
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15900

    An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases retur...

    Affected Products: doas
    • EPSS Score: 0.35%
    • Published: Oct. 18, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24679

    A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted....

    • EPSS Score: 0.76%
    • Published: Dec. 22, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15940

    Victure PC530 devices allow unauthenticated TELNET access as root....

    Affected Products: pc530_firmware pc530
    • EPSS Score: 0.48%
    • Published: Oct. 01, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24640

    There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host o...

    Affected Products: airwave_glass
    • EPSS Score: 1.20%
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-5016

    An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafte...

    • EPSS Score: 0.92%
    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-5029

    An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor proce...

    Affected Products: exhibitor
    • EPSS Score: 87.77%
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2019-5049

    An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader ...

    • EPSS Score: 0.42%
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-16273

    DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client...

    Affected Products: d5_firmware d7_firmware d5 d7
    • EPSS Score: 0.86%
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-7912

    The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document....

    Affected Products: aggregate
    • EPSS Score: 0.54%
    • Published: Nov. 21, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2010-4773

    Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D...

    • EPSS Score: 3.37%
    • Published: Mar. 23, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-16662

    An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command ex...

    Affected Products: rconfig
    • EPSS Score: 94.45%
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-3754

    The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to m...

    Affected Products: tivoli_storage_manager_fastback
    • EPSS Score: 7.81%
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2016-3840

    Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153....

    Affected Products: android
    • EPSS Score: 2.30%
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-8073

    mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and...

    Affected Products: android
    • EPSS Score: 3.76%
    • Published: Nov. 03, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-5909

    License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass acc...

    • EPSS Score: 11.71%
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-19015

    An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password...

    Affected Products: webtitan
    • EPSS Score: 1.11%
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024