Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2018-19007

    In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root....

    • EPSS Score: %0.49
    • Published: Dec. 14, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-5370

    Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042....

    • EPSS Score: %16.62
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2011-0924

    The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh....

    Affected Products : data_protector
    • EPSS Score: %13.35
    • Published: Feb. 09, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-7684

    inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The...

    Affected Products : inxedu
    • EPSS Score: %0.72
    • Published: Feb. 09, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-1127

    SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors....

    Affected Products : smf
    • EPSS Score: %1.77
    • Published: Jun. 21, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2017-3324

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulner...

    • EPSS Score: %2.72
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2020-7136

    A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8....

    Affected Products : smart_update_manager
    • EPSS Score: %57.50
    • Published: Apr. 30, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7161

    A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • EPSS Score: %2.83
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2004-2289

    Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file....

    Affected Products : windows_xp
    • EPSS Score: %15.06
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2020-7142

    A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • EPSS Score: %2.26
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-7153

    A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07)....

    Affected Products : intelligent_management_center
    • EPSS Score: %2.83
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-7356

    CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be ex...

    Affected Products : xpost
    • EPSS Score: %57.14
    • Published: Aug. 06, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-14224

    A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code in...

    Affected Products : notes
    • EPSS Score: %1.67
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-5912

    VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action....

    • EPSS Score: %24.47
    • Published: Nov. 28, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-5945

    Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 al...

    • EPSS Score: %10.45
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-9653

    NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php....

    • EPSS Score: %86.00
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-6035

    The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP p...

    • EPSS Score: %1.71
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-9020

    Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field....

    • EPSS Score: %0.54
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-1490

    Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors....

    Affected Products : cognos_8_business_intelligence
    • EPSS Score: %0.53
    • Published: Apr. 21, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-10621

    Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2)....

    Affected Products : webaccess/nms
    • EPSS Score: %0.22
    • Published: Apr. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 290978 Results