Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-10826

    /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode....

    • EPSS Score: %61.53
    • Published: Mar. 26, 2020
    • Modified: May. 05, 2025
  • 10.0

    HIGH
    CVE-2021-22763

    A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker admin...

    • EPSS Score: %0.25
    • Published: Jun. 11, 2021
    • Modified: Nov. 24, 2024
  • 10.0

    HIGH
    CVE-2016-0860

    Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request....

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %1.28
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-18852

    Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, ...

    • EPSS Score: %0.82
    • Published: Nov. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2018-2611

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attack...

    • EPSS Score: %4.95
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-23856

    The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL....

    • EPSS Score: %0.31
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-23894

    Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serializ...

    Affected Products : database_security
    • EPSS Score: %4.28
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-6769

    The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su....

    Affected Products : android superuser
    • EPSS Score: %0.34
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2011-2344

    Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token ...

    Affected Products : android
    • EPSS Score: %1.88
    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-1885

    Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02....

    Affected Products : enterprise_manager
    • EPSS Score: %2.30
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2021-1920

    Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearabl...

    • EPSS Score: %0.24
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2005-0744

    The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PC...

    Affected Products : ichain
    • EPSS Score: %0.38
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2021-44623

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface....

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.39
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-1988

    Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring o...

    Affected Products : firefox windows_xp
    • EPSS Score: %15.29
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-2028

    Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long transport mode....

    Affected Products : tftputil_gui
    • EPSS Score: %20.34
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2019-14678

    SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Servi...

    • EPSS Score: %0.80
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-2681

    IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors....

    Affected Products : rational_doors_web_access
    • EPSS Score: %1.33
    • Published: Jul. 07, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2021-26638

    Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulnerability to take control of the home environment including indoor control....

    Affected Products : s\&d_smarthome
    • EPSS Score: %8.75
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10107

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header....

    Affected Products : mycloud_nas
    • EPSS Score: %4.34
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2005-0855

    CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) ...

    Affected Products : coolforum
    • EPSS Score: %1.21
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 290978 Results