Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2013-3075

    Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle pro... Read more

    • EPSS Score: %34.69
    • Published: Apr. 19, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-4031

    The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for t... Read more

    • EPSS Score: %2.51
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-4811

    UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp ... Read more

    • EPSS Score: %83.54
    • Published: Sep. 16, 2013
    • Modified: Apr. 22, 2025

  • 10.0

    HIGH
    CVE-2013-4812

    UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp fi... Read more

    • EPSS Score: %74.00
    • Published: Sep. 16, 2013
    • Modified: Apr. 22, 2025

  • 10.0

    HIGH
    CVE-2013-7095

    The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.... Read more

    Affected Products : customer_relationship_management
    • EPSS Score: %1.27
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-6218

    Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : network_node_manager_i
    • EPSS Score: %31.62
    • Published: Apr. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-4730

    Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.... Read more

    Affected Products : pcman\'s_ftp_server
    • EPSS Score: %75.87
    • Published: May. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3936

    Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbi... Read more

    • EPSS Score: %86.28
    • Published: Jun. 02, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-4152

    The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.... Read more

    • EPSS Score: %11.38
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3073

    Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    • EPSS Score: %11.99
    • Published: Jun. 21, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7205

    Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.... Read more

    Affected Products : bassmaster
    • EPSS Score: %84.24
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8656

    The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to... Read more

    • EPSS Score: %16.43
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7247

    Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to... Read more

    Affected Products : ichitaro ichitaro_pro
    • EPSS Score: %6.02
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-9188

    Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be ... Read more

    Affected Products : proclima
    • EPSS Score: %9.12
    • Published: Dec. 27, 2014
    • Modified: Jul. 24, 2025

  • 10.0

    HIGH
    CVE-2015-1449

    Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware... Read more

    • EPSS Score: %7.56
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-8385

    Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • EPSS Score: %1.22
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0932

    The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write... Read more

    • EPSS Score: %1.04
    • Published: Apr. 05, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3459

    The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.... Read more

    • EPSS Score: %13.86
    • Published: Apr. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3435

    Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.... Read more

    Affected Products : samsung_security_manager
    • EPSS Score: %7.62
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1903

    Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.... Read more

    Affected Products : domino
    • EPSS Score: %34.02
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292516 Results